e39e7b370667db88b6fd90410873a312599e750e66708cab60e681e61b9c5c24

Analysis

max time kernel
146s
max time network
150s
resource
win10v191014

Sharing

Copy URL

Twitter E-mail

General

Target

1bbbae729c33ea1ff7f99ddca6317e05a4242d63
Sample

191018-jyewsk7k72
SHA256

e39e7b370667db88b6fd90410873a312599e750e66708cab60e681e61b9c5c24

Score

N/A

Malware Config

Extracted

Family

ursnif

Botnet

500

http://myhomesitter.fun

Attributes

dga_base_url
constitution.org/usdeclar.txt
dga_crc
1.320669898e+09
dga_season
10
dga_tlds
com

ru

org
dns_servers
107.174.86.134

107.175.127.22

rsa_pubkey.base64

serpent.plain

Signatures

ursnif family
family

Modifies Internet Explorer settings 1 TTPs 49 IoCs

adware spyware

Modify Registry

T1112

description	ioc	pid	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	5052	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39788F1B-F1DD-11E9-BD7F-5E9D90D68279} = "0"	5052	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	5052	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	5052	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	5052	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	5052	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "241358585"	5052	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30770666"	5052	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	5052	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	5052	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "241358585"	5052	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30770666"	5052	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	5052	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c36c9cdac63c12448d84f1a7215689fa00000000020000000000106600000001000020000000de4e3e4082525558252f17423380bb385869887e6b506a50332bd9bec9adff31000000000e800000000200002000000046b808098ea295d9de2a11a751def4f17e4b7393cddcf2db232dda3890b2c40720000000ad39009c863c5d7425181967fd80818d9e907b2b7cd3c2e83f484d88a1da81404000000070304bdec5f944d3197c40d13eb20614e94db356469550ea4627ee231ee2347562b44537e38a5a8064b20c3b9799b2f02d30c138a119ae6030e910cb0575961e	5052	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10297613ea85d501	5052	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c36c9cdac63c12448d84f1a7215689fa000000000200000000001066000000010000200000006d139eb62e7b73271b9145ea82a9475bad3a0174679b353d3446b4d0ca4904a2000000000e80000000020000200000005bb39071aaf467acf88c264741d1d28a859618b1ecc5f68c55c5bfee7d2b372b20000000041e6d47e9087f5069700888f864aaf1c95dd2e58b26ba41f6b2505f0b6c6625400000002fe8b45f888838d9bc4ddfd3614fcadaad8492993504941bed674416aa10a5928f09eb434361ece450c1c8b6e01a87069e1ecd6c7d6dbcb2e3dac642f56efb51	5052	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0f68d13ea85d501	5052	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	2952	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{57412DE0-F1DD-11E9-BD7F-5E9D90D68279} = "0"	2952	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	2952	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	2952	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	2952	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c36c9cdac63c12448d84f1a7215689fa000000000200000000001066000000010000200000003af8488904141fdf1e3c77f463e02c84c273921747853a15cfec9220c242c1ef000000000e8000000002000020000000ab76463a46514dea37c680c0f321527a44b62ad1e3cab6e224c80f49b47195c120000000dbb2790e9f57ebb7d2d2d3d930140bdbc4d774ad0a1ff48d07761d56f8f6172040000000ee6206ded8c7fe61f4f86d5ee71cbb7a4151c57cc5a8b43cd2e13104b31873239ad33643c191e73f034f4404841e9bfbcae3c095186c39794811a46d7b7b8bd8	2952	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d075b71aea85d501	2952	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	2952	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	3924	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64AA6B25-F1DD-11E9-BD7F-5E9D90D68279} = "0"	3924	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	3924	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	3924	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	3924	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c36c9cdac63c12448d84f1a7215689fa0000000002000000000010660000000100002000000051d05d0c84f7a8e367f55c439b7eb4481bedeef93c8a1a1e37adb5685dfc93db000000000e80000000020000200000003c0865ad8448464a16b13668fff13c4bb1341cce6096b5042b9c1d72c3e3294f200000008c8276ab15e9dfbea43ed00d5e1fc11eb31f2f4e1e1d6f3796a968ce3720c51740000000eafdf05b44b5c8b0ab0c469f2ba2d30090e4b22290355e1b904868ca85f539cd27142ad2bb1f4610653c198bcf24e541c908672438b561e485f16edf0263d0e4	3924	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90a3ee27ea85d501	3924	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	3924	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	936	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{71E8B7FC-F1DD-11E9-BD7F-5E9D90D68279} = "0"	936	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	936	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	936	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	936	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c36c9cdac63c12448d84f1a7215689fa00000000020000000000106600000001000020000000801ec95c9a56ed25397ed958850e2bafd2ac4056b8c5cca64fddf5358e87319c000000000e8000000002000020000000948b4695759411fe3c2dcadbeab6c916422255a2ce12642dbf4657305b2c4ddd20000000d0b2cf550dca0628a6306cd1ab00ae31c3398466a68ae302b8c74116e457468a40000000c485a8d88aeff86b26cc85db2cb59c978b204b72ea3aa1f4b28f0a8b64a3d2265967afb1d823b1b4554caa8cece59138e544a62fd07fcfc721e7f22c7c04d969	936	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07f6835ea85d501	936	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	936	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	420	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7F7CDCE5-F1DD-11E9-BD7F-5E9D90D68279} = "0"	420	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	420	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	420	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	420	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c36c9cdac63c12448d84f1a7215689fa0000000002000000000010660000000100002000000012fa329e4b11f96893210b55ddb2fd5ed10e555f3ee4bf28e0bd021564c80116000000000e8000000002000020000000def8722fa667be13126be552ee8f157eb8ff5c88e48e017c7493eab0b189f5602000000038a036339bfd3fc81ccd636f80df3eeac1c82b22c7de1f05dcc005d475068989400000009f19eb8511598cd6a61d6f4b8e113fd46c8130fd372b68a7b6582d28b9d912983d13a4e3d3d15cc2663e378a3c00b9790eb419302b854592225d7c1eb4b3de3f	420	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20941b43ea85d501	420	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-634046074-2673730973-2644684987-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	420	iexplore.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 5100	5052	iexplore.exe	74
PID 2952 wrote to memory of 4136	2952	iexplore.exe	76
PID 3924 wrote to memory of 4116	3924	iexplore.exe	81
PID 936 wrote to memory of 1292	936	iexplore.exe	89
PID 420 wrote to memory of 1980	420	iexplore.exe	91

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
5052	iexplore.exe
5100	IEXPLORE.EXE
2952	iexplore.exe
4136	IEXPLORE.EXE
3924	iexplore.exe
4116	IEXPLORE.EXE
936	iexplore.exe
1292	IEXPLORE.EXE
420	iexplore.exe
1980	IEXPLORE.EXE

Drops file in system dir 5 IoCs

description	ioc	pid	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	4548	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp	4548	svchost.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp	4548	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-2.tmp	4548	svchost.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-2.tmp	4548	svchost.exe

Checks system information in the registry (likely anti-VM) 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	pid	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	3788	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	3788	svchost.exe

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Modify Registry

T1112

description	ioc	pid	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\cval = "0"	3644	svchost.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\cval = "1"	3644	svchost.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
5052	iexplore.exe
2952	iexplore.exe
3924	iexplore.exe
936	iexplore.exe
420	iexplore.exe

Modifies service 2 TTPs 1 IoCs

persistence

Modify Registry

T1112

description	ioc	pid	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\BITS\Performance\PerfMMFileName = "Global\\MMF_BITS8c405362-338d-4c4e-9af8-2d4f6cadf45d"	4548	svchost.exe

C:\Users\Admin\AppData\Local\Temp\1bbbae729c33ea1ff7f99ddca6317e05a4242d63.exe
"C:\Users\Admin\AppData\Local\Temp\1bbbae729c33ea1ff7f99ddca6317e05a4242d63.exe"
1⤵
PID:4876

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
PID:5052

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5052 CREDAT:82945 /prefetch:2
1⤵
- Suspicious use of SetWindowsHookEx
PID:5100

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
PID:2952

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:82945 /prefetch:2
1⤵
- Suspicious use of SetWindowsHookEx
PID:4136

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s BITS
1⤵
- Drops file in system dir
- Modifies service
PID:4548

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
1⤵
PID:4620

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s DoSvc
1⤵
- Checks system information in the registry (likely anti-VM)
PID:3788

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
PID:3924

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3924 CREDAT:82945 /prefetch:2
1⤵
- Suspicious use of SetWindowsHookEx
PID:4116

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
1⤵
PID:3952

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
1⤵
- Windows security modification
PID:3644

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
PID:936

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:936 CREDAT:82945 /prefetch:2
1⤵
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
PID:420

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:420 CREDAT:82945 /prefetch:2
1⤵
- Suspicious use of SetWindowsHookEx
PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

MITRE ATT&CK Additional techniques

T1089
T1031

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4876-0-0x0000000002BB1000-0x0000000002BC7000-memory.dmp

Filesize
88KB

Download
memory/4876-1-0x0000000004720000-0x0000000004721000-memory.dmp

Filesize
4KB

Download
memory/4876-2-0x0000000002980000-0x000000000298F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Additional techniques

Replay Monitor

Loading Replay Monitor...

Downloads