{"id":4129,"date":"2022-01-04T20:25:18","date_gmt":"2022-01-04T14:55:18","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=4129"},"modified":"2022-01-04T20:25:20","modified_gmt":"2022-01-04T14:55:20","slug":"how-purple-fox-malware-distributed-through-malicious-telegram-installers","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/","title":{"rendered":"How Purple Fox Malware Distributed through Malicious Telegram Installers?"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">A malicious Telegram for Desktop installer distributes the purple Fox malware to install more malicious payloads on the affected devices. The installer is a compiled AutoIt script named \u201cTelegram Desktop.exe\u201d that drops multiple files, a real Telegram installer, and a malicious downloader.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">During the appropriate Telegram, installer dropped alongside the downloader isn\u2019t run, the AutoIT program does run the downloader.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">When TextInputh.exe is executed, it will create a new folder under \u201cC:\\Users\\Public\\Videos\u201d and connect to the C2 to download a 7z utility and a RAR archive (1.rar). The archive contains the payload and the configuration files, while the 7z program unpacks everything onto the ProgramData folder.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"570\" height=\"145\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/How-Purple-Fox-Malware-Distributed-through-Malicious-Telegram-Installers-image1.png\" alt=\"How-Purple-Fox-Malware-Distributed-through-Malicious-Telegram-Installers-image1\" class=\"wp-image-4132\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/How-Purple-Fox-Malware-Distributed-through-Malicious-Telegram-Installers-image1.png 570w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/How-Purple-Fox-Malware-Distributed-through-Malicious-Telegram-Installers-image1-300x76.png 300w\" sizes=\"(max-width: 570px) 100vw, 570px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How to P<\/strong>erforms the following actions onto the compromised machine?<\/h2>\n\n\n\n<ul><li>Copies 360.tct with \u201c360.dll\u201d name, rundll3222.exe, and svchost.txt to the ProgramData folder<\/li><li>Executes ojbk.exe with the \u201cojbk.exe -a\u201d command line<\/li><li>Deletes 1.rar and 7zz.exe and exits the process&nbsp; &nbsp;<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/How-Purple-Fox-Malware-Distributed-through-Malicious-Telegram-Installers-image2.jpg\" alt=\"How-Purple-Fox-Malware-Distributed-through-Malicious-Telegram-Installers-image2\" class=\"wp-image-4133\" width=\"468\" height=\"508\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/How-Purple-Fox-Malware-Distributed-through-Malicious-Telegram-Installers-image2.jpg 536w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/How-Purple-Fox-Malware-Distributed-through-Malicious-Telegram-Installers-image2-276x300.jpg 276w\" sizes=\"(max-width: 468px) 100vw, 468px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">Next, a registry key is created for persistence, a DLL (rundll3222.dll) disables UAC, the payload (scvhost.txt) is executed, and the following five additional files are dropped onto the infected system:<\/p><\/p>\n\n\n\n<ul><li>Calldriver.exe<\/li><li>Driver.sys<\/li><li>dll.dll<\/li><li>kill.bat<\/li><li>speedmem2.hg<\/li><\/ul>\n\n\n\n<p><p style=\"text-align: justify;\">The purpose of these extra files is to collectively block the initiation of 360 AV processes and prevent the detection of Purple Fox on the compromised machine. The next step for the malware is to gather basic system information, check if any security tools are running on it, and finally send all that to a hardcoded C2 address.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Once this reconnaissance process is completed, Purple Fox is downloaded from the C2 in the form of a .msi file that contains encrypted shellcode for both 32 and 64-bit systems. Upon execution of Purple Fox, the infected machine will be restarted for the new registry settings to take effect, most importantly, the disabled User Account Control (UAC).<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What  are the three registry keys to archives this?<\/h2>\n\n\n\n<ul><li>HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System ConsentPromptBehaviorAdmin<\/li><li>HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA<\/li><li>HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\PromptOnSecure<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"315\" height=\"407\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/How-Purple-Fox-Malware-Distributed-through-Malicious-Telegram-Installers-image3.jpg\" alt=\"How-Purple-Fox-Malware-Distributed-through-Malicious-Telegram-Installers-image3\" class=\"wp-image-4134\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/How-Purple-Fox-Malware-Distributed-through-Malicious-Telegram-Installers-image3.jpg 315w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/How-Purple-Fox-Malware-Distributed-through-Malicious-Telegram-Installers-image3-232x300.jpg 232w\" sizes=\"(max-width: 315px) 100vw, 315px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">Desktop Disabling avoiding UAC is essential because it provides any program that executes on the infected system, including viruses and malware, administrator privileges. In general, UAC prevents the unauthorized installation of apps or the changing of system settings, so it should stay active on Windows at all times.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Undermining it allows Purple Fox to execute malicious functions such as file search and exfiltration, process killing, omission of data, downloading and executing code, and actually advancing to other Windows systems.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">At this time, it is weird how the malware is being distributed but similar malware campaigns impersonating legitimate software were distributed through YouTube videos, forum spam, and shady software sites.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A malicious Telegram for Desktop installer distributes the purple Fox malware to install more malicious payloads on the affected devices. The installer is a compiled AutoIt script named \u201cTelegram Desktop.exe\u201d that drops multiple files, a real Telegram installer, and a malicious downloader. During the appropriate Telegram, installer dropped alongside the downloader isn\u2019t run, the AutoIT [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":4131,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How Purple Fox Malware Distributed through Malicious Telegram Installers? - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Purple Fox Malware Distributed through Malicious Telegram Installers? - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"A malicious Telegram for Desktop installer distributes the purple Fox malware to install more malicious payloads on the affected devices. The installer is a compiled AutoIt script named \u201cTelegram Desktop.exe\u201d that drops multiple files, a real Telegram installer, and a malicious downloader. During the appropriate Telegram, installer dropped alongside the downloader isn\u2019t run, the AutoIT [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-04T14:55:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-01-04T14:55:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/How-Purple-Fox-Malware-Distributed-through-Malicious-Telegram-Installers-featured-image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"How Purple Fox Malware Distributed through Malicious Telegram Installers?\",\"datePublished\":\"2022-01-04T14:55:18+00:00\",\"dateModified\":\"2022-01-04T14:55:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/\"},\"wordCount\":463,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/\",\"url\":\"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/\",\"name\":\"How Purple Fox Malware Distributed through Malicious Telegram Installers? - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2022-01-04T14:55:18+00:00\",\"dateModified\":\"2022-01-04T14:55:20+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Purple Fox Malware Distributed through Malicious Telegram Installers?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Purple Fox Malware Distributed through Malicious Telegram Installers? - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/","og_locale":"en_US","og_type":"article","og_title":"How Purple Fox Malware Distributed through Malicious Telegram Installers? - Xiarch Solutions Private Limited","og_description":"A malicious Telegram for Desktop installer distributes the purple Fox malware to install more malicious payloads on the affected devices. The installer is a compiled AutoIt script named \u201cTelegram Desktop.exe\u201d that drops multiple files, a real Telegram installer, and a malicious downloader. During the appropriate Telegram, installer dropped alongside the downloader isn\u2019t run, the AutoIT [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2022-01-04T14:55:18+00:00","article_modified_time":"2022-01-04T14:55:20+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/How-Purple-Fox-Malware-Distributed-through-Malicious-Telegram-Installers-featured-image.png","type":"image\/png"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"How Purple Fox Malware Distributed through Malicious Telegram Installers?","datePublished":"2022-01-04T14:55:18+00:00","dateModified":"2022-01-04T14:55:20+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/"},"wordCount":463,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/","url":"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/","name":"How Purple Fox Malware Distributed through Malicious Telegram Installers? - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2022-01-04T14:55:18+00:00","dateModified":"2022-01-04T14:55:20+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/how-purple-fox-malware-distributed-through-malicious-telegram-installers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How Purple Fox Malware Distributed through Malicious Telegram Installers?"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/4129"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=4129"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/4129\/revisions"}],"predecessor-version":[{"id":4135,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/4129\/revisions\/4135"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/4131"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=4129"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=4129"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=4129"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}