{"id":11617,"date":"2018-02-28T09:10:11","date_gmt":"2018-02-28T17:10:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/02\/28\/news-5388\/"},"modified":"2018-02-28T09:10:11","modified_gmt":"2018-02-28T17:10:11","slug":"news-5388","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/02\/28\/news-5388\/","title":{"rendered":"Encryption 101: ShiOne ransomware case study"},"content":{"rendered":"<p><strong>Credit to Author: Vasilios Hioureas| Date: Wed, 28 Feb 2018 16:00:00 +0000<\/strong><\/p>\n<p>In part one of this series, <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/02\/encryption-101-malware-analysts-primer\/\" target=\"_blank\" rel=\"noopener\">Encryption 101: a malware analyst&#8217;s primer<\/a>, we introduced some of the basic encryption concepts used in malware. If you haven&#8217;t read it, we suggest going back for a review, as it&#8217;s necessary in order to be able to fully follow part two, our case study. In this study, we will be reviewing the encryption of the ransomware ShiOne line by line.<\/p>\n<p>The main focus of this case study will be to fully understand an example of the encryption process that ransomware can use.\u00a0We are using ShiOne as the practical portion of the lesson not because it is particularly unique or uses any novel techniques, but just the opposite: It&#8217;s relatively straight-forward and is written in C#, which will make it much easier to show key components.<\/p>\n<h3>Encryption method<\/h3>\n<p>In the previous article, we spoke of a couple different encryption methods ransomware can use. They include the following:<\/p>\n<ul>\n<li>The encryption keys are generated locally on the victim computer and sent up to the C2 server.<\/li>\n<li>Keys are generated pre-distribution and embedded within the ransomware.<\/li>\n<\/ul>\n<p>For this particular sample, we will be showing the second case. The encryption keys are generated offline and embedded into the malware before being sent out for an attack.<\/p>\n<p>When I say the encryption keys are generated offline and embedded, I am speaking specifically of the asymmetric keys. We will see going forward that we have both RSA and AES encryption algorithms used in this ransomware.<\/p>\n<p>AES is a symmetric algorithm, which means that the same key used to encrypt will also be used to decrypt. You can think of it as a password to encrypt and decrypt. The keys for AES are actually generated dynamically and stored within the file itself. The actual file encryption for this ransomware uses this AES encryption.<\/p>\n<p>RSA is the asymmetric part of this process\u2014the pre-generated and embedded part. It is there to hide the AES key (password), which encrypts each file. Only the public key of the RSA pair is inside of this malware because it is only doing the encryption portion. In ransomware, it is actually very common to see this combination of symmetric\/asymmetric encryption being used.<\/p>\n<h3>Main encryption function<\/h3>\n<p style=\"text-align: left\">The sample we analyzed was:<\/p>\n<p class=\"p1\" style=\"text-align: left\"><em><span class=\"s1\">408a97ac8fb82398187ffe6d4c5937d7<\/span><\/em><\/p>\n<p>After skipping past initialization and the portion of the malware that enumerates the files in the drive, (as this is quite standard and does not need any extra explanation), we get to the main encryption function below called\u00a0crtp(string path).<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-21587 aligncenter\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/1.png\" alt=\"\" width=\"2082\" height=\"868\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/1.png 2082w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/1-300x125.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/1-600x250.png 600w\" sizes=\"auto, (max-width: 2082px) 100vw, 2082px\" \/><\/p>\n<p>This function is called from the main directory enumeration loop, and as such, it will be called separately for each file it finds. It is the only function in the program that calls any cryptographic APIs or random number generators. Off the bat, this tells us that it is likely that a unique key will be used to encrypt each file.<\/p>\n<p>I want to add one note. As stated earlier, the main encryption keys are generated offline and embedded into the malware by its author. In contrast, if this were the type of ransomware that generates the main keys locally, then we would definitely be seeing crypto functions being called before the directory search loop, outside of the crpt function. Again, this is not the case here, which is why we skipped the initialization code of this malware.<\/p>\n<p>Let&#8217;s walk through the details of the crtp function:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-21588 aligncenter\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/2.png\" alt=\"\" width=\"2080\" height=\"1160\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/2.png 2080w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/2-300x167.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/2-600x335.png 600w\" sizes=\"auto, (max-width: 2080px) 100vw, 2080px\" \/><\/p>\n<p>The encryption process starts off by calling: <strong>string text = Program.CreateSalt(32);<\/strong><\/p>\n<p>This is a user-defined function that simply calls a standard encryption API to generate an array of 32 random numbers. This function is actually quite important because the random byte array here is used later as the (password) AES key for encryption. It will give each file on the victim&#8217;s computer a unique encryption because a new key is generated for each file. So, even if two files are identical on the user&#8217;s system, they will have different ciphertext.<\/p>\n<h4>Details of the\u00a0<strong>CreateSalt function<\/strong><\/h4>\n<pre class=\"brush: plain; title: ; notranslate\">   \/\/FUNCTION PROGRAM.CREATESALT() {  RNGCryptoServiceProvider rNGCryptoServiceProvider = new RNGCryptoServiceProvider();  byte[] array = new byte[size];   rNGCryptoServiceProvider.GetBytes(array);   return Convert.ToBase64String(array);   <\/pre>\n<p>This really is the most important number generated in this entire malware because it is what the purchased key from the ransomware will allow you to access in order to decrypt each file.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-21812 aligncenter\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/flowchartBasic-1.png\" alt=\"\" width=\"1608\" height=\"1118\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/flowchartBasic-1.png 1608w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/flowchartBasic-1-300x209.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/flowchartBasic-1-600x417.png 600w\" sizes=\"auto, (max-width: 1608px) 100vw, 1608px\" \/><\/p>\n<h3>Random number generator<\/h3>\n<p>Before continuing on,\u00a0I want to mention briefly some details about the RNG (random number generator).<\/p>\n<p><strong> RNGCryptoServiceProvider<\/strong> is the default implementation of a security standard compliant random number generator. It is a stronger cryptographically random number. A weak alternative to this is\u00a0<strong>System.Random.<\/strong>\u00a0It is a simpler calculation, and can be much more easily replicated by a hacker, or in our case, a malware analyst.\u00a0Still, there are some malware authors who use System.Random, and in those cases, there is a possibility for decryption. <u>The RNG is something as an analyst you should be paying attention to<\/u>, which is why I thought it deserved mention here.<\/p>\n<p>We concluded that this sample is using a strong RNG, so we can continue on.<\/p>\n<p>We will now skip the details of the next section of code, which simply filters what file types the ransomware wants to encrypt. It is easy to understand and plays no role in the actual encryption process itself.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-21590 aligncenter\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/4.png\" alt=\"\" width=\"2074\" height=\"570\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/4.png 2074w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/4-300x82.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/4-600x165.png 600w\" sizes=\"auto, (max-width: 2074px) 100vw, 2074px\" \/><\/p>\n<p>This now brings us to the next code block, which creates another random array using the same RNG internal functions as before:<\/p>\n<p><strong>byte[] array = Program.GenerateRandomSalt();<\/strong><\/p>\n<p>I am not including the details of the\u00a0<strong>GenerateRandomSalt()\u00a0<\/strong>function because it is not much different from the previous code.\u00a0This array will be used as salt for the main file encryption, which will be explained later on in the code flow.<\/p>\n<p>Next, the ransomware takes the first number that was generated at the beginning of the array (text variable), and calls a function to encrypt it for storage:<\/p>\n<p><strong>string s = Program.Encryption(text)<\/strong><\/p>\n<p>As stated above, that set of numbers will actually be used as the AES key going forward. To be clear, the text\u00a0variable is used as a key in its plain text form, but is then encrypted and tacked on to the end of the file for storage. The flowchart above illustrates this point.<\/p>\n<h3>Encryption functionality<\/h3>\n<p>Here&#8217;s how the encryption works during the attack. The ransomware:<\/p>\n<ul>\n<li>Generates RSA public and private keys (either locally or pre-generated offline).<\/li>\n<li>Generates a random number as input (password) for generating the AES key.<\/li>\n<li>Encrypts files using the newly-created AES key.<\/li>\n<li>Encrypts the AES key with RSA public key.<\/li>\n<li>Appends the encrypted AES key within the encrypted file.<\/li>\n<\/ul>\n<p>Here&#8217;s how threat actors decrypt the file after the ransom has been paid. They:<\/p>\n<ul>\n<li>Find the encrypted file.<\/li>\n<li>Search the file for the encrypted AES password.<\/li>\n<li>Read into memory for the encrypted password seed for the AES key.<\/li>\n<li>Use the RSA private key to decrypt the AES password.<\/li>\n<li>Use this plaintext password as input for AES decrypt.<\/li>\n<\/ul>\n<p>The details of the\u00a0<strong>Encryption(text)<\/strong> function are shown below.<\/p>\n<h6>[The highlighted line is where the ransomware is pulling the embedded public key.] <img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-21592\" style=\"font-size: 16px\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/6.png\" alt=\"\" width=\"2100\" height=\"50\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/6.png 2100w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/6-300x7.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/6-600x14.png 600w\" sizes=\"auto, (max-width: 2100px) 100vw, 2100px\" \/><br \/> <img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-21591 aligncenter\" style=\"font-size: 16px\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/5.png\" alt=\"\" width=\"1426\" height=\"644\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/5.png 1426w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/5-300x135.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/5-600x271.png 600w\" sizes=\"auto, (max-width: 1426px) 100vw, 1426px\" \/><\/h6>\n<p>The ransomware starts by taking the public key, which is embedded in the executable itself, and uses that to encrypt the passed in random number (text AKA, AES key password) using RSA 2048.<\/p>\n<p><strong>NOTE<\/strong>: This function has nothing to do with the actual file encryption. It is simply used by the ransomware to hide its AES key to the user. In practice, this function could be completely skipped and would have no effect on the functionality of the actual file encryptor.<\/p>\n<p>The important thing to take away from this is that the <u>public key was embedded into the malware<\/u>. This means that the RSA keys were not generated dynamically, implying that the RSA public and private key pair were generated on the malware server side, so only the author has access to the decryption key.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-21943\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/encryptionFlowCHartFIUXED-600x412.png\" alt=\"\" width=\"600\" height=\"412\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/encryptionFlowCHartFIUXED-600x412.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/encryptionFlowCHartFIUXED-300x206.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<h3>Performing the encryption<\/h3>\n<p>At this point, the ransomware has everything it needs to perform the unique encryption for the current file.\u00a0 The encryption used in this particular case is AES in CBC mode (cipher block chaining). What this means is that it will loop through the data of the original file to be encrypted and the file&#8217;s data will be encrypted in chunks, or blocks. Each iteration of the loop is encrypting a sequential block of data from the original file.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\">    for (i = 0; i &amp;amp;amp;amp;lt; num; i += array3.Length)  {  int len = fileStream.Read(array2, 0, array2.Length);  array3 = Program.AES_(array2, bytes, array, len);  fileStream.Seek((long)i, SeekOrigin.Begin);  fileStream.Write(array3, 0, array3.Length);  }    <\/pre>\n<p>Lets go deeper into this function:\u00a0<strong>array3 = Program.AES_(array2, bytes, array, len); <\/strong>as this will be the function that actually performs the file encryption.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-21944\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/FileEncryptionFlow-1-600x596.png\" alt=\"\" width=\"600\" height=\"596\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/FileEncryptionFlow-1-600x596.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/FileEncryptionFlow-1-150x150.png 150w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/FileEncryptionFlow-1-300x298.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/FileEncryptionFlow-1.png 990w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>Going over the parameters to AES_ function,<strong> array2<\/strong> is the original file data, <strong>bytes<\/strong>\u00a0is the &#8220;password&#8221; random number generated at the beginning with\u00a0<strong>Program.CreateSalt(32);\u00a0<\/strong>and\u00a0<strong>array\u00a0<\/strong>is the second random array generated as salt for the encryption process created with\u00a0<strong>Program.GenerateRandomSalt();\u00a0<\/strong>Of course,\u00a0<strong>len\u00a0<\/strong>is the length of the data from the file to be encrypted.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-21593 aligncenter\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/7.png\" alt=\"\" width=\"2062\" height=\"762\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/7.png 2062w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/7-300x111.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/7-600x222.png 600w\" sizes=\"auto, (max-width: 2062px) 100vw, 2062px\" \/><\/p>\n<p>As you can see here, the method for actually encrypting the file is AES. The algorithm uses salt to further randomize the &#8220;<strong>passwordBytes<\/strong>&#8221; (AES KEY) passed in. This is standard for AES. AES CBC mode requires an initialization vector as spoken of earlier, and you can see it here in the code. The function of <strong>generateIV()\u00a0<\/strong>is simply another random number generator. It then performs the AES encryption, block by block, on the original file data. Each block that is encrypted actually uses a different IV. This will be tacked on to the end of that block&#8217;s encrypted bytes. This is important because the decryption algorithm needs to know what IV was used for the current block.<\/p>\n<p>Now in the final stage of the crypt function, after the file has been fully encrypted, the ransomware starts out by writing the salt value into the file. Then it writes out the RSA encrypted AES password, and finally, the actual encrypted file data (ciphertext). Again, this ciphertext includes the salt values for each block.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-21615 aligncenter\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/20.png\" alt=\"\" width=\"1062\" height=\"380\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/20.png 1062w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/20-300x107.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/20-600x215.png 600w\" sizes=\"auto, (max-width: 1062px) 100vw, 1062px\" \/><\/p>\n<p>When the decryptor software runs, it will cycle each file and read in the salt value. It will then decrypt the AES key using the RSA private key, which will be embedded into the decryptor. Finally, it will read in the encrypted file data and IVs. It now has everything it needs to reverse the encryption.<\/p>\n<h3>Conclusion<\/h3>\n<p>In this case study, we covered the detailed functionality of a standard file encryptor. Tune in for part three of the Encryption 101 series, where we will be covering weaknesses in encryption, analyzing an example of ransomware implementing weak encryption, and discussing how to create a file decryptor.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/02\/encryption-101-shione-ransomware-case-study\/\">Encryption 101: ShiOne ransomware case study<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/02\/encryption-101-shione-ransomware-case-study\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Vasilios Hioureas| Date: Wed, 28 Feb 2018 16:00:00 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/02\/encryption-101-shione-ransomware-case-study\/' title='Encryption 101: ShiOne ransomware case study'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/02\/encryption-1.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>In this case study on ShiOne ransomware, part of our Encryption 101 series, we will be reviewing the encryption process line by line and showing the different methods ransomware can use to encrypt files.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/malware\/\" rel=\"category tag\">Malware<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/threat-analysis\/\" rel=\"category tag\">Threat analysis<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/encryption\/\" rel=\"tag\">encryption<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/encryption-functionality\/\" rel=\"tag\">encryption functionality<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/encryption-methods\/\" rel=\"tag\">encryption methods<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/malware\/\" rel=\"tag\">malware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ransomware\/\" rel=\"tag\">ransomware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/shione\/\" rel=\"tag\">ShiOne<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/shione-ransomware\/\" rel=\"tag\">ShiOne ransomware<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/02\/encryption-101-shione-ransomware-case-study\/' title='Encryption 101: ShiOne ransomware case study'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/02\/encryption-101-shione-ransomware-case-study\/\">Encryption 101: ShiOne ransomware case study<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10439,17651,17652,3764,3765,17653,17654,10494],"class_list":["post-11617","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-encryption","tag-encryption-functionality","tag-encryption-methods","tag-malware","tag-ransomware","tag-shione","tag-shione-ransomware","tag-threat-analysis"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11617","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11617"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11617\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11617"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11617"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11617"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}