{"id":3285,"date":"2021-09-29T18:37:12","date_gmt":"2021-09-29T13:07:12","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=3285"},"modified":"2021-09-29T18:37:13","modified_gmt":"2021-09-29T13:07:13","slug":"how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/","title":{"rendered":"How FinFisher Malware Steals Windows Boot Manager with UEFI Bootkit?"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">Economically developed FinFisher malware now can harm Windows devices using a UEFI bootkit that it inserts in the Windows Boot Manager. FinFisher (also known as FinSpy and Wingbird) is an inspection solution generated by the Gamma Group that also arrives with malware-like capabilities often discover in spyware strains.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The developer says it\u2019s sold completely to government agencies and law enforcement across the world, but the cybersecurity firms have also analyzed it while being transmitted through the spearphishing operations and the infrastructure of Internet Service Providers (ISPs).<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Endurance and Evasiveness Powerhouse<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">\u201cDuring the research, we discover a UEFI bootkit that was loading the FinSpy. All the machines affected with the UEFI bootkit had the Windows Boot Manager (bootmgfw.efi) replaced with a malicious one,\u201d security researchers revealed today.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">\u201cThis method of exploitation permitted the threat actors to install a bootkit without the requirement to bypass firmware security checks. UEFI infections are very rare and generally hard to run, and then they stand out due to their prevarication and persistence.\u201d<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The Unified Extensible Firmware Interface (UEFI) firmware permits for highly persistent bootkit malware as it\u2019s installed within the SPI flash storage soldered to computers\u2019 motherboard making it is impossible to get rid of through hard drive replacement or even OS re-installation.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Rootkits are malicious code planted in the firmware invisible to protecting solutions within the operating system since it\u2019s designed to load before everything else, in the starting stage of a device&#8217;s booting sequence.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">They facilitate threat actors with control over the operating systems since it\u2019s designed to load before everything else, in the starting stage of a device\u2019s booting sequence. They facilitate the threat actor with control over an operating systems\u2019 boot process and make it possible to destruction OS defenses bypassing the Secure Boot mechanism depending on the system\u2019s boot security mode (allowing the \u201cfull boot\u201d or \u201cthrough boot\u201d mod would block the malware as the NSA explains).<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Publicly documented attacks and malware using boot kits in the wild are extremely rare \u2014 Lojax used by the Russian-backed APT28 hacker group, MosaicRegressor was deployed by Chinese-speaking hackers, TrickBot&#8217;s TrickBoot module, and Moriya which Chinese-speaking threat actors likely used for espionage since 2018.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">&#8220;While in this case the attackers did not infect the UEFI firmware itself, but its next boot stage, the attack was particularly stealthy, as the malicious module was installed on a separate partition and could control the boot process of the infected machine,&#8221; the researchers added.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-FinFisher-Malware-Steals-Windows-Boot-Manager-with-UEFI-Bootkit-image1-1024x673.jpg\" alt=\"How-FinFisher-Malware-Steals-Windows-Boot-Manager-with-UEFI-Bootkit-image1\" class=\"wp-image-3288\" width=\"484\" height=\"318\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-FinFisher-Malware-Steals-Windows-Boot-Manager-with-UEFI-Bootkit-image1-1024x673.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-FinFisher-Malware-Steals-Windows-Boot-Manager-with-UEFI-Bootkit-image1-300x197.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-FinFisher-Malware-Steals-Windows-Boot-Manager-with-UEFI-Bootkit-image1-768x505.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-FinFisher-Malware-Steals-Windows-Boot-Manager-with-UEFI-Bootkit-image1.jpg 1460w\" sizes=\"(max-width: 484px) 100vw, 484px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">Older computers that don&#8217;t come with UEFI support were infected using a similar tactic, through the MBR (Master Boot Record) with a bootkit first detected in 2014.&nbsp; &nbsp;&nbsp;<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>New Obfuscation and Anti-Analysis Measure<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">For other malware samples used in the attacks analyzed by Kaspersky, the spyware&#8217;s developers also used four layers of obfuscation and anti-analysis measures designed to make FinFisher one of the &#8220;hardest-to-detect spywares to date.&#8221;<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Their efforts were highly effective since the malware samples could evade almost any detection attempt and were virtually impossible to analyze (every sample spotted by our experts required &#8220;overwhelming&#8221; amounts of work to unscramble).<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">&#8220;The amount of work put into making FinFisher not accessible to security researchers is particularly worrying and somewhat impressive,&#8221; added Igor Kuznetsov, a principal security researcher at Global Research and Analysis Team (GReAT).<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">&#8220;It seems like the developers put at least as much work into obfuscation and anti-analysis measures as in the Trojan itself. As a result, its capabilities to evade any detection and analysis make this spyware particularly hard to track and detect.&#8221;<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">You can find further details and indicators of compromise (IOCs) related to FinFisher&#8217;s Windows, Linux, and macOS infection vectors at the end of the security report.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Economically developed FinFisher malware now can harm Windows devices using a UEFI bootkit that it inserts in the Windows Boot Manager. FinFisher (also known as FinSpy and Wingbird) is an inspection solution generated by the Gamma Group that also arrives with malware-like capabilities often discover in spyware strains. The developer says it\u2019s sold completely to [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3287,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How FinFisher Malware Steals Windows Boot Manager with UEFI Bootkit? - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How FinFisher Malware Steals Windows Boot Manager with UEFI Bootkit? - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Economically developed FinFisher malware now can harm Windows devices using a UEFI bootkit that it inserts in the Windows Boot Manager. FinFisher (also known as FinSpy and Wingbird) is an inspection solution generated by the Gamma Group that also arrives with malware-like capabilities often discover in spyware strains. The developer says it\u2019s sold completely to [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-29T13:07:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-29T13:07:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-FinFisher-Malware-Steals-Windows-Boot-Manager-with-UEFI-Bootkit-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"How FinFisher Malware Steals Windows Boot Manager with UEFI Bootkit?\",\"datePublished\":\"2021-09-29T13:07:12+00:00\",\"dateModified\":\"2021-09-29T13:07:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/\"},\"wordCount\":624,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Breaches\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/\",\"url\":\"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/\",\"name\":\"How FinFisher Malware Steals Windows Boot Manager with UEFI Bootkit? - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-09-29T13:07:12+00:00\",\"dateModified\":\"2021-09-29T13:07:13+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How FinFisher Malware Steals Windows Boot Manager with UEFI Bootkit?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How FinFisher Malware Steals Windows Boot Manager with UEFI Bootkit? - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/","og_locale":"en_US","og_type":"article","og_title":"How FinFisher Malware Steals Windows Boot Manager with UEFI Bootkit? - Xiarch Solutions Private Limited","og_description":"Economically developed FinFisher malware now can harm Windows devices using a UEFI bootkit that it inserts in the Windows Boot Manager. FinFisher (also known as FinSpy and Wingbird) is an inspection solution generated by the Gamma Group that also arrives with malware-like capabilities often discover in spyware strains. The developer says it\u2019s sold completely to [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-09-29T13:07:12+00:00","article_modified_time":"2021-09-29T13:07:13+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/09\/How-FinFisher-Malware-Steals-Windows-Boot-Manager-with-UEFI-Bootkit-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"How FinFisher Malware Steals Windows Boot Manager with UEFI Bootkit?","datePublished":"2021-09-29T13:07:12+00:00","dateModified":"2021-09-29T13:07:13+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/"},"wordCount":624,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Breaches"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/","url":"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/","name":"How FinFisher Malware Steals Windows Boot Manager with UEFI Bootkit? - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-09-29T13:07:12+00:00","dateModified":"2021-09-29T13:07:13+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/how-finfisher-malware-steals-windows-boot-manager-with-uefi-bootkit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How FinFisher Malware Steals Windows Boot Manager with UEFI Bootkit?"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3285"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=3285"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3285\/revisions"}],"predecessor-version":[{"id":3289,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3285\/revisions\/3289"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/3287"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=3285"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=3285"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=3285"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}