f990daf6364d6aeb0a8482a8fdab098b5790f29f2f34dd38ef4a83ac36827fe9

General

Target

uncategorized_3.0.0.0b.vir.exe
Size

1.2MB
MD5

8e326a09b93cc447d0ea9a3992bb4962
SHA1

0a57892f4f92507f0f3405228274c5bfeb1103c5
SHA256

f990daf6364d6aeb0a8482a8fdab098b5790f29f2f34dd38ef4a83ac36827fe9
SHA512

1d4bf0071adef111a8166220f2089e6c4b4eace02a82eb306920cac9d12460173932bc76a83aba57db9331fa473a59035ba8ad05d9a748ceb6d7abc32e992c2a

Score

8^/10

upx persistence

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

uncategorized_3.0.0.0b.vir.exelyna.exeWinMail.exe

pid process

1604 uncategorized_3.0.0.0b.vir.exe
1792 lyna.exe
1608 WinMail.exe

pid	process
1604	uncategorized_3.0.0.0b.vir.exe
1792	lyna.exe
1608	WinMail.exe

Suspicious use of SetThreadContext 5 IoCs

Processes:

uncategorized_3.0.0.0b.vir.exelyna.exetaskhost.exe

description	pid	process	target process
PID 1604 set thread context of 1080	1604	uncategorized_3.0.0.0b.vir.exe	uncategorized_3.0.0.0b.vir.exe
PID 1792 set thread context of 1864	1792	lyna.exe	lyna.exe
PID 1140 set thread context of 1736	1140	taskhost.exe	svchost.exe
PID 1140 set thread context of 1544	1140	taskhost.exe	svchost.exe
PID 1140 set thread context of 1544	1140	taskhost.exe	svchost.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

uncategorized_3.0.0.0b.vir.exetaskhost.exeWinMail.exe

description	pid	process
Token: SeSecurityPrivilege	1080	uncategorized_3.0.0.0b.vir.exe
Token: SeSecurityPrivilege	1140	taskhost.exe
Token: SeManageVolumePrivilege	1608	WinMail.exe

NTFS ADS 1 IoCs

Processes:

WinMail.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\30FC6460-00000001.eml:OECustomProperty	WinMail.exe

Executes dropped EXE 2 IoCs

Processes:

lyna.exelyna.exe

pid process

1792 lyna.exe
1864 lyna.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1900 cmd.exe
Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

WinMail.exeExplorer.EXE

pid process

1608 WinMail.exe
1320 Explorer.EXE
1320 Explorer.EXE
1320 Explorer.EXE
1320 Explorer.EXE

pid	process
1792	lyna.exe
1864	lyna.exe

pid	process
1900	cmd.exe

pid	process
1608	WinMail.exe
1320	Explorer.EXE
1320	Explorer.EXE
1320	Explorer.EXE
1320	Explorer.EXE

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

taskhost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Windows\Currentversion\Run	taskhost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Windows\CurrentVersion\Run\{C05EE5F6-D950-9011-DCFF-F48EFC1AEED0} = "C:\\Users\\Admin\\AppData\\Roaming\\Makiyx\\lyna.exe"	taskhost.exe

Loads dropped DLL 2 IoCs

Processes:

uncategorized_3.0.0.0b.vir.exe

pid process

1080 uncategorized_3.0.0.0b.vir.exe
1080 uncategorized_3.0.0.0b.vir.exe

pid	process
1080	uncategorized_3.0.0.0b.vir.exe
1080	uncategorized_3.0.0.0b.vir.exe

Suspicious use of WriteProcessMemory 107 IoCs

Processes:

uncategorized_3.0.0.0b.vir.exeuncategorized_3.0.0.0b.vir.exelyna.exelyna.exetaskhost.exe

description	pid	process	target process
PID 1604 wrote to memory of 1080	1604	uncategorized_3.0.0.0b.vir.exe	uncategorized_3.0.0.0b.vir.exe
PID 1604 wrote to memory of 1080	1604	uncategorized_3.0.0.0b.vir.exe	uncategorized_3.0.0.0b.vir.exe
PID 1604 wrote to memory of 1080	1604	uncategorized_3.0.0.0b.vir.exe	uncategorized_3.0.0.0b.vir.exe
PID 1604 wrote to memory of 1080	1604	uncategorized_3.0.0.0b.vir.exe	uncategorized_3.0.0.0b.vir.exe
PID 1604 wrote to memory of 1080	1604	uncategorized_3.0.0.0b.vir.exe	uncategorized_3.0.0.0b.vir.exe
PID 1604 wrote to memory of 1080	1604	uncategorized_3.0.0.0b.vir.exe	uncategorized_3.0.0.0b.vir.exe
PID 1604 wrote to memory of 1080	1604	uncategorized_3.0.0.0b.vir.exe	uncategorized_3.0.0.0b.vir.exe
PID 1604 wrote to memory of 1080	1604	uncategorized_3.0.0.0b.vir.exe	uncategorized_3.0.0.0b.vir.exe
PID 1604 wrote to memory of 1080	1604	uncategorized_3.0.0.0b.vir.exe	uncategorized_3.0.0.0b.vir.exe
PID 1080 wrote to memory of 1792	1080	uncategorized_3.0.0.0b.vir.exe	lyna.exe
PID 1080 wrote to memory of 1792	1080	uncategorized_3.0.0.0b.vir.exe	lyna.exe
PID 1080 wrote to memory of 1792	1080	uncategorized_3.0.0.0b.vir.exe	lyna.exe
PID 1080 wrote to memory of 1792	1080	uncategorized_3.0.0.0b.vir.exe	lyna.exe
PID 1792 wrote to memory of 1864	1792	lyna.exe	lyna.exe
PID 1792 wrote to memory of 1864	1792	lyna.exe	lyna.exe
PID 1792 wrote to memory of 1864	1792	lyna.exe	lyna.exe
PID 1792 wrote to memory of 1864	1792	lyna.exe	lyna.exe
PID 1792 wrote to memory of 1864	1792	lyna.exe	lyna.exe
PID 1792 wrote to memory of 1864	1792	lyna.exe	lyna.exe
PID 1792 wrote to memory of 1864	1792	lyna.exe	lyna.exe
PID 1792 wrote to memory of 1864	1792	lyna.exe	lyna.exe
PID 1792 wrote to memory of 1864	1792	lyna.exe	lyna.exe
PID 1864 wrote to memory of 1140	1864	lyna.exe	taskhost.exe
PID 1864 wrote to memory of 1140	1864	lyna.exe	taskhost.exe
PID 1864 wrote to memory of 1140	1864	lyna.exe	taskhost.exe
PID 1864 wrote to memory of 1140	1864	lyna.exe	taskhost.exe
PID 1864 wrote to memory of 1140	1864	lyna.exe	taskhost.exe
PID 1864 wrote to memory of 1140	1864	lyna.exe	taskhost.exe
PID 1864 wrote to memory of 1140	1864	lyna.exe	taskhost.exe
PID 1080 wrote to memory of 1900	1080	uncategorized_3.0.0.0b.vir.exe	cmd.exe
PID 1080 wrote to memory of 1900	1080	uncategorized_3.0.0.0b.vir.exe	cmd.exe
PID 1080 wrote to memory of 1900	1080	uncategorized_3.0.0.0b.vir.exe	cmd.exe
PID 1080 wrote to memory of 1900	1080	uncategorized_3.0.0.0b.vir.exe	cmd.exe
PID 1140 wrote to memory of 1284	1140	taskhost.exe	Dwm.exe
PID 1140 wrote to memory of 1284	1140	taskhost.exe	Dwm.exe
PID 1140 wrote to memory of 1284	1140	taskhost.exe	Dwm.exe
PID 1140 wrote to memory of 1284	1140	taskhost.exe	Dwm.exe
PID 1140 wrote to memory of 1284	1140	taskhost.exe	Dwm.exe
PID 1140 wrote to memory of 1284	1140	taskhost.exe	Dwm.exe
PID 1140 wrote to memory of 1284	1140	taskhost.exe	Dwm.exe
PID 1140 wrote to memory of 1284	1140	taskhost.exe	Dwm.exe
PID 1140 wrote to memory of 1284	1140	taskhost.exe	Dwm.exe
PID 1140 wrote to memory of 1284	1140	taskhost.exe	Dwm.exe
PID 1864 wrote to memory of 1320	1864	lyna.exe	Explorer.EXE
PID 1864 wrote to memory of 1320	1864	lyna.exe	Explorer.EXE
PID 1864 wrote to memory of 1320	1864	lyna.exe	Explorer.EXE
PID 1864 wrote to memory of 1320	1864	lyna.exe	Explorer.EXE
PID 1864 wrote to memory of 1320	1864	lyna.exe	Explorer.EXE
PID 1864 wrote to memory of 1320	1864	lyna.exe	Explorer.EXE
PID 1864 wrote to memory of 1320	1864	lyna.exe	Explorer.EXE
PID 1140 wrote to memory of 1864	1140	taskhost.exe	lyna.exe
PID 1140 wrote to memory of 1864	1140	taskhost.exe	lyna.exe
PID 1140 wrote to memory of 1864	1140	taskhost.exe	lyna.exe
PID 1140 wrote to memory of 1864	1140	taskhost.exe	lyna.exe
PID 1140 wrote to memory of 1864	1140	taskhost.exe	lyna.exe
PID 1140 wrote to memory of 1864	1140	taskhost.exe	lyna.exe
PID 1140 wrote to memory of 1864	1140	taskhost.exe	lyna.exe
PID 1864 wrote to memory of 540	1864	lyna.exe	DllHost.exe
PID 1864 wrote to memory of 540	1864	lyna.exe	DllHost.exe
PID 1864 wrote to memory of 540	1864	lyna.exe	DllHost.exe
PID 1864 wrote to memory of 540	1864	lyna.exe	DllHost.exe
PID 1864 wrote to memory of 540	1864	lyna.exe	DllHost.exe
PID 1864 wrote to memory of 540	1864	lyna.exe	DllHost.exe
PID 1864 wrote to memory of 540	1864	lyna.exe	DllHost.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

Processes:

lyna.exetaskhost.exesvchost.exe

pid	process
1864	lyna.exe
1140	taskhost.exe
1864	lyna.exe
1864	lyna.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1544	svchost.exe
1544	svchost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe
1140	taskhost.exe

Suspicious use of SendNotifyMessage 5 IoCs

Processes:

WinMail.exeExplorer.EXE

pid process

1608 WinMail.exe
1320 Explorer.EXE
1320 Explorer.EXE
1320 Explorer.EXE
1320 Explorer.EXE

pid	process
1608	WinMail.exe
1320	Explorer.EXE
1320	Explorer.EXE
1320	Explorer.EXE
1320	Explorer.EXE

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1544-87-0x0000000000400000-0x000000000065D000-memory.dmp	upx
behavioral1/memory/1544-89-0x0000000000400000-0x000000000065D000-memory.dmp	upx

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

5 checkip.dyndns.org

flow	ioc
5	checkip.dyndns.org

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

taskhost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Privacy	taskhost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	taskhost.exe

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
- Suspicious behavior: EnumeratesProcesses
- Modifies Internet Explorer settings
PID:1140

C:\Windows\SysWOW64\svchost.exe
"C:\Windows\SysWOW64\svchost.exe" --HiddenServiceDir "C:\Users\Admin\AppData\Roaming\tor\hidden_service" --HiddenServicePort "1080 127.0.0.1:10224" --HiddenServicePort "5900 127.0.0.1:29489"
2⤵
PID:1736

C:\Windows\SysWOW64\svchost.exe
"C:\Windows\SysWOW64\svchost.exe" --HiddenServiceDir "C:\Users\Admin\AppData\Roaming\tor\hidden_service" --HiddenServicePort "1080 127.0.0.1:10224" --HiddenServicePort "5900 127.0.0.1:29489"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1544

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1284

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1320

C:\Users\Admin\AppData\Local\Temp\uncategorized_3.0.0.0b.vir.exe
"C:\Users\Admin\AppData\Local\Temp\uncategorized_3.0.0.0b.vir.exe"
2⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1604

C:\Users\Admin\AppData\Local\Temp\uncategorized_3.0.0.0b.vir.exe
"C:\Users\Admin\AppData\Local\Temp\uncategorized_3.0.0.0b.vir.exe"
3⤵
- Suspicious use of AdjustPrivilegeToken
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1080

C:\Users\Admin\AppData\Roaming\Makiyx\lyna.exe
"C:\Users\Admin\AppData\Roaming\Makiyx\lyna.exe"
4⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of SetThreadContext
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1792

C:\Users\Admin\AppData\Roaming\Makiyx\lyna.exe
"C:\Users\Admin\AppData\Roaming\Makiyx\lyna.exe"
5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
- Suspicious behavior: EnumeratesProcesses
PID:1864

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp4e2d232d.bat"
4⤵
- Deletes itself
PID:1900

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:540

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of AdjustPrivilegeToken
- NTFS ADS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1608

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16189879891614305083-2024210134110729736320945407761204191454125514183-2104888288"
1⤵
PID:1976

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp4e2d232d.bat

Download Submit
C:\Users\Admin\AppData\Roaming\Makiyx\lyna.exe

Download Submit
C:\Users\Admin\AppData\Roaming\Makiyx\lyna.exe

Download Submit
C:\Users\Admin\AppData\Roaming\Makiyx\lyna.exe

Download Submit
\Users\Admin\AppData\Roaming\Makiyx\lyna.exe

Download Submit
\Users\Admin\AppData\Roaming\Makiyx\lyna.exe

Download Submit
memory/1080-2-0x0000000000400000-0x0000000000524000-memory.dmp

Filesize
1.1MB

Download
memory/1080-3-0x00000000004FE533-mapping.dmp

Download
memory/1080-4-0x0000000000400000-0x0000000000524000-memory.dmp

Filesize
1.1MB

Download
memory/1140-16-0x00000000024D0000-0x0000000002591000-memory.dmp

Filesize
772KB

Download
memory/1544-316-0x0000000003210000-0x0000000003221000-memory.dmp

Filesize
68KB

Download
memory/1544-315-0x0000000002E00000-0x0000000002E11000-memory.dmp

Filesize
68KB

Download
memory/1544-317-0x0000000002E00000-0x0000000002E11000-memory.dmp

Filesize
68KB

Download
memory/1544-92-0x0000000002E00000-0x0000000002E11000-memory.dmp

Filesize
68KB

Download
memory/1544-91-0x0000000003210000-0x0000000003221000-memory.dmp

Filesize
68KB

Download
memory/1544-90-0x0000000002E00000-0x0000000002E11000-memory.dmp

Filesize
68KB

Download
memory/1544-89-0x0000000000400000-0x000000000065D000-memory.dmp

Filesize
2.4MB

Download
memory/1544-88-0x000000000065A740-mapping.dmp

Download
memory/1544-87-0x0000000000400000-0x000000000065D000-memory.dmp

Filesize
2.4MB

Download
memory/1544-86-0x00000000000A0000-0x00000000001C4000-memory.dmp

Filesize
1.1MB

Download
memory/1608-47-0x00000000044B0000-0x00000000044B2000-memory.dmp

Filesize
8KB

Download
memory/1608-56-0x0000000004CC0000-0x0000000004CC2000-memory.dmp

Filesize
8KB

Download
memory/1608-33-0x0000000003D70000-0x0000000003D72000-memory.dmp

Filesize
8KB

Download
memory/1608-36-0x0000000003AD0000-0x0000000003AD2000-memory.dmp

Filesize
8KB

Download
memory/1608-37-0x0000000003AD0000-0x0000000003AD2000-memory.dmp

Filesize
8KB

Download
memory/1608-38-0x0000000004010000-0x0000000004012000-memory.dmp

Filesize
8KB

Download
memory/1608-39-0x0000000003DA0000-0x0000000003DA2000-memory.dmp

Filesize
8KB

Download
memory/1608-40-0x0000000003D50000-0x0000000003D52000-memory.dmp

Filesize
8KB

Download
memory/1608-41-0x0000000003D50000-0x0000000003D52000-memory.dmp

Filesize
8KB

Download
memory/1608-42-0x0000000004040000-0x0000000004042000-memory.dmp

Filesize
8KB

Download
memory/1608-43-0x0000000004020000-0x0000000004022000-memory.dmp

Filesize
8KB

Download
memory/1608-44-0x0000000003D80000-0x0000000003D82000-memory.dmp

Filesize
8KB

Download
memory/1608-45-0x0000000004490000-0x0000000004492000-memory.dmp

Filesize
8KB

Download
memory/1608-46-0x00000000044A0000-0x00000000044A2000-memory.dmp

Filesize
8KB

Download
memory/1608-31-0x0000000003AE0000-0x0000000003AE2000-memory.dmp

Filesize
8KB

Download
memory/1608-48-0x00000000044D0000-0x00000000044D2000-memory.dmp

Filesize
8KB

Download
memory/1608-49-0x0000000004570000-0x0000000004572000-memory.dmp

Filesize
8KB

Download
memory/1608-50-0x0000000004580000-0x0000000004582000-memory.dmp

Filesize
8KB

Download
memory/1608-51-0x0000000004610000-0x0000000004612000-memory.dmp

Filesize
8KB

Download
memory/1608-52-0x0000000004AA0000-0x0000000004AA2000-memory.dmp

Filesize
8KB

Download
memory/1608-53-0x0000000004B30000-0x0000000004B32000-memory.dmp

Filesize
8KB

Download
memory/1608-54-0x0000000004CA0000-0x0000000004CA2000-memory.dmp

Filesize
8KB

Download
memory/1608-55-0x0000000004CB0000-0x0000000004CB2000-memory.dmp

Filesize
8KB

Download
memory/1608-32-0x0000000003AD0000-0x0000000003AD2000-memory.dmp

Filesize
8KB

Download
memory/1608-57-0x0000000004CD0000-0x0000000004CD2000-memory.dmp

Filesize
8KB

Download
memory/1608-58-0x0000000003BF0000-0x0000000003BF2000-memory.dmp

Filesize
8KB

Download
memory/1608-59-0x0000000003D30000-0x0000000003D32000-memory.dmp

Filesize
8KB

Download
memory/1608-60-0x0000000004AC0000-0x0000000004AC2000-memory.dmp

Filesize
8KB

Download
memory/1608-61-0x0000000004AD0000-0x0000000004AD2000-memory.dmp

Filesize
8KB

Download
memory/1608-62-0x0000000004AE0000-0x0000000004AE2000-memory.dmp

Filesize
8KB

Download
memory/1608-63-0x0000000004AF0000-0x0000000004AF2000-memory.dmp

Filesize
8KB

Download
memory/1608-64-0x0000000004B00000-0x0000000004B02000-memory.dmp

Filesize
8KB

Download
memory/1608-65-0x00000000038A0000-0x0000000003AA0000-memory.dmp

Filesize
2.0MB

Download
memory/1608-66-0x00000000039A0000-0x0000000003AA0000-memory.dmp

Filesize
1024KB

Download
memory/1608-67-0x0000000002400000-0x0000000002410000-memory.dmp

Filesize
64KB

Download
memory/1608-73-0x00000000023A0000-0x00000000023B0000-memory.dmp

Filesize
64KB

Download
memory/1608-19-0x00000000038A0000-0x00000000039A0000-memory.dmp

Filesize
1024KB

Download
memory/1608-21-0x00000000038A0000-0x0000000003AA0000-memory.dmp

Filesize
2.0MB

Download
memory/1608-30-0x0000000003AF0000-0x0000000003AF2000-memory.dmp

Filesize
8KB

Download
memory/1608-29-0x0000000003AD0000-0x0000000003AD2000-memory.dmp

Filesize
8KB

Download
memory/1608-25-0x00000000039A0000-0x0000000003AA0000-memory.dmp

Filesize
1024KB

Download
memory/1608-24-0x00000000038A0000-0x0000000003AA0000-memory.dmp

Filesize
2.0MB

Download
memory/1608-23-0x00000000038A0000-0x00000000039A0000-memory.dmp

Filesize
1024KB

Download
memory/1736-84-0x0000000000200000-0x0000000000324000-memory.dmp

Filesize
1.1MB

Download
memory/1792-7-0x0000000000000000-mapping.dmp

Download
memory/1864-80-0x00000000004FE533-mapping.dmp

Download
memory/1864-13-0x00000000004FE533-mapping.dmp

Download
memory/1900-17-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads