{"id":578,"date":"2019-12-23T15:50:51","date_gmt":"2019-12-23T12:50:51","guid":{"rendered":"https:\/\/airome.tech\/?p=578"},"modified":"2023-06-22T17:04:13","modified_gmt":"2023-06-22T14:04:13","slug":"op-wocao-china-linked-apt20-was-able-to-bypass-2fa","status":"publish","type":"post","link":"https:\/\/airome.tech\/id\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/","title":{"rendered":"Op Wocao \u2013 China-linked APT20 was able to bypass 2FA"},"content":{"rendered":"<p>Security experts from cyber-security firm Fox-IT warns of a new wave of attacks, tracked as Operation Wocao, carried out by China-linked cyber espionage group APT20 that has been bypassing 2FA.<\/p>\n<p>The attacks aimed at government entities and managed service providers (MSPs) that were active in many industries, including aviation, healthcare, finance, insurance, energy, and gambling.<\/p>\n<p>The APT20 group has been active since at least 2011, but experts did not associate any campaign with this threat actors between 2016 and 2017.<\/p>\n<p>Over the last two years, the group targeted government and large corporate networks by attempting to exploit vulnerabilities in the JBoss open-source application server.<\/p>\n<p>\u201cOperation Wocao (\u6211\u64cd, \u201cW\u01d2 \u201d, used as \u201cshit\u201d or \u201cdamn\u201d) is the name that Fox-IT uses to describe the hacking activities of a Chinese based hacking group.\u201d reads the report published by Fox-IT.<\/p>\n<p>\u201cIn several cases the initial access point into a victim network was a vulnerable webserver, often versions of JBoss. Such vulnerable servers were observed to often already be compromised with webshells, placed there by other threat actors. The actor actually leverages these other webshells for reconnaissance and initial lateral movement activity. \u201c<\/p>\n<div class=\"special\">\n<p class=\"title\">Our comments<\/p>\n<p><img decoding=\"async\" style=\"position: absolute; width: 6em; height: 6em; display: block; border-radius: 50%; top: -1em; border: 2px solid #cecece;\" src=\"https:\/\/airome.tech\/wp-content\/uploads\/2019\/12\/melnichenko.jpg\" \/><\/p>\n<p class=\"name\">Dr. Pavel Melnichenko<\/p>\n<p class=\"position\">Chief Technology Officer<\/p>\n<p>An exciting case that proves again that OTP-tokens can be techcnically bypassed even if they were developed by big brands.<\/p>\n<p>Unlike standard OTP-based tokens, PayConfirm uses several components, including private key, to generate a signature. To get access to the private key, one should provide a secrete. Without teh private key unlock it will not be possible to confirm operations.<\/p>\n<p>Another interesting point about PayConfirm, that makes it different from OTP-based token, is the use of exact operation details to generate a digital confirmation. Thus, every operation goes through integrity control checks.<\/p>\n<p>As the result, it is impossible to generate any confirmation without the signer that knows the secret to unlock the key on one hand, and with strong intergrity control checks it&#8217;s impossible to persuade the client to sign any starnge operations as what you see is what you sign.<\/p>\n<\/div>\n<p>Once the hackers have gained access to these servers, they will deploy web shells for reconnaissance and lateral movements.<\/p>\n<p>In order to move laterally within the target networks, hackers used well-known techniques, such as dumping credentials from memory and accessing password managers on compromised systems.<\/p>\n<p>Attackers use stolen VPN credentials to securely connect the target network. According to the experts, the threat actor has been able to stay under the radar even using simple tools and techniques for their hacking campaigns.<\/p>\n<p>Fox-IT noticed that the APT20 group was able to abuse VPN accounts that were protected by 2FA, the experts believe that the group devised a specific technique to achieve this goal<\/p>\n<p>They speculated that the APT20 group stole an RSA SecurID software token from a compromised system, then used it on its systems to generate valid one-time codes and bypass 2FA.<\/p>\n<p>\u201cAn interesting observation in one of Fox-IT\u2019s incident response cases was that the actor steals a softtoken for RSA SecurID, which is typically generated on a separate device, such as a hardware token or mobile phone.\u201d continues the report. \u201cIn this specific case however, victims using the software could also use a software based token to generate 2 factor codes on their laptop. This usage scenario opens up multiple possibilities for an attacker with access to a victim\u2019s laptop to retrieve 2 factor codes used to connect to a VPN server\u201d<\/p>\n<h4>Conclusion<\/h4>\n<p>Anyway, the software token must be generated for a specific system, the threat actors were able to do it by retrieving information once inside the target network.<\/p>\n<p>\u201cAs it turns out, the actor does not actually need to go through the trouble of obtaining the victim\u2019s system specific value, because this specific value is only checked when importing the SecurID Token Seed, and has no relation to the seed used to generate actual 2-factor tokens. This means the actor can actually simply patch the check which verifies if the imported soft token was generated for this system, and does not need to bother with stealing the system specific value at all.\u201d continues the experts.<\/p>\n<p>\u201cIn short, all the actor has to do to make use of the 2 factor authentication codes is to steal an RSA SecurID Software Token and to patch 1 instruction, which results in the generation of valid tokens.\u201c<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-581\" src=\"https:\/\/airome.tech\/wp-content\/uploads\/2019\/12\/16-1.jpg\" alt=\"\" width=\"640\" height=\"360\" \/><\/p>\n<p>by Security Affairs<\/p>\n<p>Reference: <a href=\"https:\/\/securityaffairs.co\/wordpress\/95536\/apt\/apt20-op-wocao.html\">https:\/\/securityaffairs.co\/wordpress\/95536\/apt\/apt20-op-wocao.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>China-linked cyber espionage group APT20 has been bypassing two-factor authentication (2FA) in recent attacks<\/p>\n","protected":false},"author":5,"featured_media":581,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[58,11,27,131,53,130],"class_list":["post-578","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-criminal_cases","tag-2fa","tag-authentication","tag-fraud","tag-hacking-group","tag-stealing-otp","tag-token"],"translation":{"provider":"WPGlobus","version":"3.0.0","language":"id","enabled_languages":["en","id"],"languages":{"en":{"title":true,"content":true,"excerpt":true},"id":{"title":false,"content":false,"excerpt":false}}},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Op Wocao \u2013 China-linked APT20 was able to bypass 2FA - Airome<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/\" \/>\n<meta property=\"og:locale\" content=\"id_ID\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Op Wocao \u2013 China-linked APT20 was able to bypass 2FA - Airome\" \/>\n<meta property=\"og:url\" content=\"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/\" \/>\n<meta property=\"og:site_name\" content=\"Airome\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/airometech\" \/>\n<meta property=\"article:published_time\" content=\"2019-12-23T12:50:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-22T14:04:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/airome.tech\/wp-content\/uploads\/2019\/12\/16-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"360\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Airome Technologies\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@airome_tech\" \/>\n<meta name=\"twitter:site\" content=\"@airome_tech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Airome Technologies\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/\"},\"author\":{\"name\":\"Airome Technologies\",\"@id\":\"https:\/\/airome.tech\/#\/schema\/person\/4305f9424f28ed17c089815d871cf0fa\"},\"headline\":\"Op Wocao \u2013 China-linked APT20 was able to bypass 2FA\",\"datePublished\":\"2019-12-23T12:50:51+00:00\",\"dateModified\":\"2023-06-22T14:04:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/\"},\"wordCount\":739,\"publisher\":{\"@id\":\"https:\/\/airome.tech\/#organization\"},\"image\":{\"@id\":\"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/airome.tech\/wp-content\/uploads\/2019\/12\/16-1.jpg\",\"keywords\":[\"2FA\",\"authentication\",\"fraud\",\"hacking group\",\"stealing OTP\",\"token\"],\"articleSection\":[\"Industrial &amp; Criminal cases\"],\"inLanguage\":\"id-ID\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/\",\"url\":\"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/\",\"name\":\"Op Wocao \u2013 China-linked APT20 was able to bypass 2FA - Airome\",\"isPartOf\":{\"@id\":\"https:\/\/airome.tech\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/airome.tech\/wp-content\/uploads\/2019\/12\/16-1.jpg\",\"datePublished\":\"2019-12-23T12:50:51+00:00\",\"dateModified\":\"2023-06-22T14:04:13+00:00\",\"description\":\"An exciting case that proves again that OTP-tokens can be techcnically bypassed even if they were developed by big brands\",\"breadcrumb\":{\"@id\":\"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/#breadcrumb\"},\"inLanguage\":\"id-ID\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"id-ID\",\"@id\":\"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/#primaryimage\",\"url\":\"https:\/\/airome.tech\/wp-content\/uploads\/2019\/12\/16-1.jpg\",\"contentUrl\":\"https:\/\/airome.tech\/wp-content\/uploads\/2019\/12\/16-1.jpg\",\"width\":640,\"height\":360},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\",\"item\":\"https:\/\/airome.tech\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Op Wocao \u2013 China-linked APT20 was able to bypass 2FA\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/airome.tech\/#website\",\"url\":\"https:\/\/airome.tech\/\",\"name\":\"Airome\",\"description\":\"Simple. Mobile. Secure. Your mTAS.\",\"publisher\":{\"@id\":\"https:\/\/airome.tech\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/airome.tech\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"id-ID\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/airome.tech\/#organization\",\"name\":\"Airome\",\"url\":\"https:\/\/airome.tech\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"id-ID\",\"@id\":\"https:\/\/airome.tech\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/airome.tech\/wp-content\/uploads\/2020\/02\/logo-206.png\",\"contentUrl\":\"https:\/\/airome.tech\/wp-content\/uploads\/2020\/02\/logo-206.png\",\"width\":206,\"height\":64,\"caption\":\"Airome\"},\"image\":{\"@id\":\"https:\/\/airome.tech\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/airometech\",\"https:\/\/x.com\/airome_tech\",\"https:\/\/www.linkedin.com\/company\/airome\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/airome.tech\/#\/schema\/person\/4305f9424f28ed17c089815d871cf0fa\",\"name\":\"Airome Technologies\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"id-ID\",\"@id\":\"https:\/\/airome.tech\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cf1864c9ce26e9439ecfb0b95c8af0d14ba56239900be8267722a9e1193e0c98?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cf1864c9ce26e9439ecfb0b95c8af0d14ba56239900be8267722a9e1193e0c98?s=96&d=mm&r=g\",\"caption\":\"Airome Technologies\"},\"url\":\"https:\/\/airome.tech\/id\/author\/s-dvukhzhennov\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Op Wocao \u2013 China-linked APT20 was able to bypass 2FA - Airome","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/","og_locale":"id_ID","og_type":"article","og_title":"Op Wocao \u2013 China-linked APT20 was able to bypass 2FA - Airome","og_url":"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/","og_site_name":"Airome","article_publisher":"https:\/\/www.facebook.com\/airometech","article_published_time":"2019-12-23T12:50:51+00:00","article_modified_time":"2023-06-22T14:04:13+00:00","og_image":[{"width":640,"height":360,"url":"https:\/\/airome.tech\/wp-content\/uploads\/2019\/12\/16-1.jpg","type":"image\/jpeg"}],"author":"Airome Technologies","twitter_card":"summary_large_image","twitter_creator":"@airome_tech","twitter_site":"@airome_tech","twitter_misc":{"Written by":"Airome Technologies","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/#article","isPartOf":{"@id":"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/"},"author":{"name":"Airome Technologies","@id":"https:\/\/airome.tech\/#\/schema\/person\/4305f9424f28ed17c089815d871cf0fa"},"headline":"Op Wocao \u2013 China-linked APT20 was able to bypass 2FA","datePublished":"2019-12-23T12:50:51+00:00","dateModified":"2023-06-22T14:04:13+00:00","mainEntityOfPage":{"@id":"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/"},"wordCount":739,"publisher":{"@id":"https:\/\/airome.tech\/#organization"},"image":{"@id":"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/#primaryimage"},"thumbnailUrl":"https:\/\/airome.tech\/wp-content\/uploads\/2019\/12\/16-1.jpg","keywords":["2FA","authentication","fraud","hacking group","stealing OTP","token"],"articleSection":["Industrial &amp; Criminal cases"],"inLanguage":"id-ID"},{"@type":"WebPage","@id":"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/","url":"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/","name":"Op Wocao \u2013 China-linked APT20 was able to bypass 2FA - Airome","isPartOf":{"@id":"https:\/\/airome.tech\/#website"},"primaryImageOfPage":{"@id":"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/#primaryimage"},"image":{"@id":"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/#primaryimage"},"thumbnailUrl":"https:\/\/airome.tech\/wp-content\/uploads\/2019\/12\/16-1.jpg","datePublished":"2019-12-23T12:50:51+00:00","dateModified":"2023-06-22T14:04:13+00:00","description":"An exciting case that proves again that OTP-tokens can be techcnically bypassed even if they were developed by big brands","breadcrumb":{"@id":"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/#breadcrumb"},"inLanguage":"id-ID","potentialAction":[{"@type":"ReadAction","target":["https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/"]}]},{"@type":"ImageObject","inLanguage":"id-ID","@id":"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/#primaryimage","url":"https:\/\/airome.tech\/wp-content\/uploads\/2019\/12\/16-1.jpg","contentUrl":"https:\/\/airome.tech\/wp-content\/uploads\/2019\/12\/16-1.jpg","width":640,"height":360},{"@type":"BreadcrumbList","@id":"https:\/\/airome.tech\/op-wocao-china-linked-apt20-was-able-to-bypass-2fa\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430","item":"https:\/\/airome.tech\/"},{"@type":"ListItem","position":2,"name":"Op Wocao \u2013 China-linked APT20 was able to bypass 2FA"}]},{"@type":"WebSite","@id":"https:\/\/airome.tech\/#website","url":"https:\/\/airome.tech\/","name":"Airome","description":"Simple. Mobile. Secure. Your mTAS.","publisher":{"@id":"https:\/\/airome.tech\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/airome.tech\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"id-ID"},{"@type":"Organization","@id":"https:\/\/airome.tech\/#organization","name":"Airome","url":"https:\/\/airome.tech\/","logo":{"@type":"ImageObject","inLanguage":"id-ID","@id":"https:\/\/airome.tech\/#\/schema\/logo\/image\/","url":"https:\/\/airome.tech\/wp-content\/uploads\/2020\/02\/logo-206.png","contentUrl":"https:\/\/airome.tech\/wp-content\/uploads\/2020\/02\/logo-206.png","width":206,"height":64,"caption":"Airome"},"image":{"@id":"https:\/\/airome.tech\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/airometech","https:\/\/x.com\/airome_tech","https:\/\/www.linkedin.com\/company\/airome\/"]},{"@type":"Person","@id":"https:\/\/airome.tech\/#\/schema\/person\/4305f9424f28ed17c089815d871cf0fa","name":"Airome Technologies","image":{"@type":"ImageObject","inLanguage":"id-ID","@id":"https:\/\/airome.tech\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cf1864c9ce26e9439ecfb0b95c8af0d14ba56239900be8267722a9e1193e0c98?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cf1864c9ce26e9439ecfb0b95c8af0d14ba56239900be8267722a9e1193e0c98?s=96&d=mm&r=g","caption":"Airome Technologies"},"url":"https:\/\/airome.tech\/id\/author\/s-dvukhzhennov\/"}]}},"_links":{"self":[{"href":"https:\/\/airome.tech\/id\/wp-json\/wp\/v2\/posts\/578","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/airome.tech\/id\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/airome.tech\/id\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/airome.tech\/id\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/airome.tech\/id\/wp-json\/wp\/v2\/comments?post=578"}],"version-history":[{"count":5,"href":"https:\/\/airome.tech\/id\/wp-json\/wp\/v2\/posts\/578\/revisions"}],"predecessor-version":[{"id":1722,"href":"https:\/\/airome.tech\/id\/wp-json\/wp\/v2\/posts\/578\/revisions\/1722"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/airome.tech\/id\/wp-json\/wp\/v2\/media\/581"}],"wp:attachment":[{"href":"https:\/\/airome.tech\/id\/wp-json\/wp\/v2\/media?parent=578"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/airome.tech\/id\/wp-json\/wp\/v2\/categories?post=578"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/airome.tech\/id\/wp-json\/wp\/v2\/tags?post=578"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}