{"id":1429,"date":"2026-02-19T21:00:53","date_gmt":"2026-02-19T21:00:53","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/"},"modified":"2026-02-19T21:00:53","modified_gmt":"2026-02-19T21:00:53","slug":"under-the-hood-of-dynowiper-thu-feb-19th","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/","title":{"rendered":"Under the Hood of DynoWiper, (Thu, Feb 19th)"},"content":{"rendered":"
\n

[This is a Guest Diary contributed by John Moutos]<\/span><\/span><\/p>\n

Overview<\/h3>\n

In this post, I’m going over my analysis of DynoWiper, a wiper family that was discovered during attacks against Polish energy companies in late December of 2025. ESET Research [1] and CERT Polska [2] have linked the activity and supporting malware to infrastructure and tradecraft associated with Russian state-aligned threat actors, with ESET assessing the campaign as consistent with operations attributed to Russian APT Sandworm [3], who are notorious for attacking Ukrainian companies and infrastructure, with major incidents spanning throughout years 2015, 2016, 2017, 2018, and 2022. For more insight into Sandworm or the chain of compromise leading up to the deployment of DynoWiper, ESET and CERT Polska published their findings in great detail, and I highly recommend reading them for context.<\/p>\n

IOCs<\/h3>\n

The sample analyzed in this post is a 32-bit Windows executable, and is version A of DynoWiper.<\/p>\n

SHA-256<\/strong> 835b0d87ed2d49899ab6f9479cddb8b4e03f5aeb2365c50a51f9088dcede68d5 [4]<\/p>\n

Initial Inspection<\/h3>\n

To start, I ran the binary straight through DIE [5] (Detect It Easy) catch any quick wins regarding packing or\u00a0obfuscation, but this sample does not appear to utilize either (unsurprising for wiper malware). To IDA [6]\u00a0we go!<\/p>\n

\"Figure<\/p>\n

Figure 1: Detect It Easy<\/p>\n

PRNG Setup<\/h3>\n

Jumping right past the CRT setup to the WinMain function, DynoWiper first initializes a Mersenne Twister\u00a0PRNG (MT19937) context, with the fixed seed value of 5489 and a state size of 624.<\/p>\n

\"Figure<\/p>\n

Figure 2: Main Function
\n\u00a0<\/p>\n

\"Figure<\/p>\n

Figure 3: Mersenne Twister Init<\/p>\n

The MT19937 state is then re-seeded and reinitialized with a random value generated using\u00a0std::random_device, the 624 word state is rebuilt, and a 16-byte value is generated.<\/p>\n

\"Figure<\/p>\n

Figure 4: Mersenne Twister Seed<\/p>\n

Data Corruption<\/h3>\n

Immediately following the PRNG setup, the data corruption logic is executed.<\/p>\n

\"Figure<\/p>\n

Figure 5: Data Corruption Logic<\/p>\n

Drives attached to the target host are enumerated with GetLogicalDrives(), and GetDriveTypeW() is used to identify the drive type, to ensure only fixed or removable drives are added to the target drive\u00a0vector.<\/p>\n

\"Figure<\/p>\n

Figure 6: Drive Enumeration<\/p>\n

Directories and files on said target drives are walked recursively using FindFirstFileW() and FindNextFileW(), while skipping the following protected \/ OS directories to avoid instability during the\u00a0corruption process.<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Excluded Directories<\/th>\n<\/tr>\n<\/thead>\n
system32<\/td>\n<\/tr>\n
windows<\/td>\n<\/tr>\n
program files<\/td>\n<\/tr>\n
program files(x86)<\/td>\n<\/tr>\n
temp<\/td>\n<\/tr>\n
recycle.bin<\/td>\n<\/tr>\n
$recycle.bin<\/td>\n<\/tr>\n
boot<\/td>\n<\/tr>\n
perflogs<\/td>\n<\/tr>\n
appdata<\/td>\n<\/tr>\n
documents and settings<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\"Figure<\/p>\n

\"Figure<\/p>\n

Figures 7-8: Directory Traversal<\/p>\n

For each applicable file, attributes are cleared with SetFileAttributesW()<\/span>, and a handle to the file is\u00a0created using CreateFileW()<\/span>. The file size is obtained using GetFileSize()<\/span>, and the start of the file\u00a0located through SetFilePointerEx()<\/span>. A 16 byte junk data buffer derived from the PRNG context is\u00a0written to the start of the file using WriteFile()<\/span>. In cases where the file size exceeds 16 bytes, pseudo-random locations throughout the file are generated, with the count determined by the file size, and a\u00a0maximum count of 4096. The current file pointer is again repositioned to each generated location with\u00a0SetFilePointerEx()<\/span>, and the same 16 byte data buffer is written again, continuing the file corruption process.<\/p>\n

\"Figure<\/p>\n

Figure 9: Random File Offset Generation<\/p>\n

\"Figure<\/p>\n

Figure 10: File Corruption<\/p>\n

Data Deletion<\/h3>\n

With all the target files damaged and the data corruption process complete, the data deletion process\u00a0begins<\/p>\n

\"Figure<\/p>\n

Figure 11: Data Deletion Logic<\/p>\n

Similar to the file corruption process, drives attached to the target host are enumerated, target\u00a0directories are walked recursively and target files are removed with DeleteFileW() instead of writing\u00a0junk data, as seen in the file corruption logic<\/p>\n

\"Figure<\/p>\n

Figure 12: File Deletion<\/p>\n

To finish, the wiper obtains its own process token using OpenProcessToken()<\/span>, enables\u00a0SeShutdownPrivilege through AdjustTokenPrivileges()<\/span>, and issues a system reboot with\u00a0ExitWindowsEx()<\/span>.<\/p>\n

\"Figure<\/p>\n

Figure 13: Token Modification and Shutdown<\/p>\n

MITRE ATT&CK Mapping<\/h3>\n
    \n
  • Discovery (TA0007)\n
      \n
    • T1680: Local Storage Discovery<\/li>\n
    • T1083: File and Directory Discovery\u00a0<\/li>\n<\/ul>\n<\/li>\n
    • Defense Evasion (TA0005)\n
        \n
      • T1222: File and Directory Permissions Modification\n
          \n
        • T1222.001: Windows File and Directory Permissions Modification<\/li>\n<\/ul>\n<\/li>\n
        • T1134: Access Token Manipulation<\/li>\n<\/ul>\n<\/li>\n
        • Privilege Escalation (TA0004)\n
            \n
          • T1134: Access Token Manipulation<\/li>\n<\/ul>\n<\/li>\n
          • Impact (TA0040)\u00a0\n
              \n
            • T1485: Data Destruction<\/li>\n
            • T1529: System Shutdown\/Reboot<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n

              References<\/h3>\n

              [1] https:\/\/www.welivesecurity.com\/en\/eset-research\/dynowiper-update-technical-analysis-attribution\/
              \n[2] https:\/\/cert.pl\/uploads\/docs\/CERT_Polska_Energy_Sector_Incident_Report_2025.pdf
              \n[3] https:\/\/www.welivesecurity.com\/2022\/03\/21\/sandworm-tale-disruption-told-anew
              \n[4]\u00a0https:\/\/www.virustotal.com\/gui\/file\/835b0d87ed2d49899ab6f9479cddb8b4e03f5aeb2365c50a51f9088dcede68d5
              \n[5] https:\/\/github.com\/horsicq\/Detect-It-Easy
              \n[6] https:\/\/hex-rays.com<\/p>\n

              (c) SANS Internet Storm Center. https:\/\/isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

              [This is a Guest Diary contributed by John Moutos] Overview In this post, I’m going over my analysis of DynoWiper, a wiper family that was discovered during attacks against Polish energy companies in late December of 2025. ESET Research [1] and CERT Polska [2] have linked the activity and supporting malware to infrastructure and tradecraft […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[90],"tags":[91],"class_list":["post-1429","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity"],"yoast_head":"\nUnder the Hood of DynoWiper, (Thu, Feb 19th) - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Under the Hood of DynoWiper, (Thu, Feb 19th) - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"[This is a Guest Diary contributed by John Moutos] Overview In this post, I’m going over my analysis of DynoWiper, a wiper family that was discovered during attacks against Polish energy companies in late December of 2025. ESET Research [1] and CERT Polska [2] have linked the activity and supporting malware to infrastructure and tradecraft […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-19T21:00:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/isc.sans.edu\/diaryimages\/images\/Figure1_die.png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"Under the Hood of DynoWiper, (Thu, Feb 19th)\",\"datePublished\":\"2026-02-19T21:00:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/\"},\"wordCount\":717,\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/isc.sans.edu\/diaryimages\/images\/Figure1_die.png\",\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/\",\"name\":\"Under the Hood of DynoWiper, (Thu, Feb 19th) - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/isc.sans.edu\/diaryimages\/images\/Figure1_die.png\",\"datePublished\":\"2026-02-19T21:00:53+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/#primaryimage\",\"url\":\"https:\/\/isc.sans.edu\/diaryimages\/images\/Figure1_die.png\",\"contentUrl\":\"https:\/\/isc.sans.edu\/diaryimages\/images\/Figure1_die.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Under the Hood of DynoWiper, (Thu, Feb 19th)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Under the Hood of DynoWiper, (Thu, Feb 19th) - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/","og_locale":"en_US","og_type":"article","og_title":"Under the Hood of DynoWiper, (Thu, Feb 19th) - Imperative Business Ventures Limited","og_description":"[This is a Guest Diary contributed by John Moutos] Overview In this post, I’m going over my analysis of DynoWiper, a wiper family that was discovered during attacks against Polish energy companies in late December of 2025. ESET Research [1] and CERT Polska [2] have linked the activity and supporting malware to infrastructure and tradecraft […]","og_url":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2026-02-19T21:00:53+00:00","og_image":[{"url":"https:\/\/isc.sans.edu\/diaryimages\/images\/Figure1_die.png","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"Under the Hood of DynoWiper, (Thu, Feb 19th)","datePublished":"2026-02-19T21:00:53+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/"},"wordCount":717,"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/#primaryimage"},"thumbnailUrl":"https:\/\/isc.sans.edu\/diaryimages\/images\/Figure1_die.png","keywords":["Cybersecurity"],"articleSection":["Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/","url":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/","name":"Under the Hood of DynoWiper, (Thu, Feb 19th) - Imperative Business Ventures Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/#primaryimage"},"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/#primaryimage"},"thumbnailUrl":"https:\/\/isc.sans.edu\/diaryimages\/images\/Figure1_die.png","datePublished":"2026-02-19T21:00:53+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/#primaryimage","url":"https:\/\/isc.sans.edu\/diaryimages\/images\/Figure1_die.png","contentUrl":"https:\/\/isc.sans.edu\/diaryimages\/images\/Figure1_die.png"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/02\/19\/under-the-hood-of-dynowiper-thu-feb-19th\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"Under the Hood of DynoWiper, (Thu, Feb 19th)"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/1429","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=1429"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/1429\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=1429"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=1429"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=1429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}