darkcomet | b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea

General

Target

b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe
Size

1.5MB
MD5

175d4a702cd0982cb40ea858c2f93441
SHA1

703f6b9ac5e02e628473e5c2314fc4ac9adb481a
SHA256

b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea
SHA512

b55c0e7fb1911044837b2f9f0aabb41b3da5252e5fee99ffa50c8241ce93b5be98dcc05dde08519bf95adf12640df99d6c75dad7cdc96a3ba68907db03990c88

Score

10^/10

darkcomet runescape persistence rat trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

Runescape

C2

mrsnickers03.no-ip.biz:340

Mutex

DC_MUTEX-6ZFK11A

Attributes

gencode
uNwew4gojxtu
install
false
offline_keylogger
true
persistence
false

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Executes dropped EXE 3 IoCs

Processes:

ichader.exeichader.exeichader.exe

pid process

1516 ichader.exe
3900 ichader.exe
4008 ichader.exe

pid	process
1516	ichader.exe
3900	ichader.exe
4008	ichader.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3112-4-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/memory/3112-6-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/memory/3112-7-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/memory/4008-30-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/4008-36-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/4008-39-0x0000000000400000-0x00000000004B7000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Windows\CurrentVersion\Run\java = "C:\\Users\\Admin\\AppData\\Roaming\\IDM\\ichader.exe"	reg.exe

Suspicious use of SetThreadContext 5 IoCs

Processes:

b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exeichader.exe

description	pid	process	target process
PID 648 set thread context of 3716	648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	svchost.exe
PID 648 set thread context of 3112	648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe
PID 1516 set thread context of 3888	1516	ichader.exe	svchost.exe
PID 1516 set thread context of 3900	1516	ichader.exe	ichader.exe
PID 1516 set thread context of 4008	1516	ichader.exe	ichader.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

508 3716 WerFault.exe svchost.exe

pid	pid_target	process	target process
508	3716	WerFault.exe	svchost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

svchost.exe

pid	process
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe
3888	svchost.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

ichader.exeichader.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	4008	ichader.exe
Token: SeSecurityPrivilege	4008	ichader.exe
Token: SeTakeOwnershipPrivilege	4008	ichader.exe
Token: SeLoadDriverPrivilege	4008	ichader.exe
Token: SeSystemProfilePrivilege	4008	ichader.exe
Token: SeSystemtimePrivilege	4008	ichader.exe
Token: SeProfSingleProcessPrivilege	4008	ichader.exe
Token: SeIncBasePriorityPrivilege	4008	ichader.exe
Token: SeCreatePagefilePrivilege	4008	ichader.exe
Token: SeBackupPrivilege	4008	ichader.exe
Token: SeRestorePrivilege	4008	ichader.exe
Token: SeShutdownPrivilege	4008	ichader.exe
Token: SeDebugPrivilege	4008	ichader.exe
Token: SeSystemEnvironmentPrivilege	4008	ichader.exe
Token: SeChangeNotifyPrivilege	4008	ichader.exe
Token: SeRemoteShutdownPrivilege	4008	ichader.exe
Token: SeUndockPrivilege	4008	ichader.exe
Token: SeManageVolumePrivilege	4008	ichader.exe
Token: SeImpersonatePrivilege	4008	ichader.exe
Token: SeCreateGlobalPrivilege	4008	ichader.exe
Token: 33	4008	ichader.exe
Token: 34	4008	ichader.exe
Token: 35	4008	ichader.exe
Token: 36	4008	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe
Token: SeDebugPrivilege	3900	ichader.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exeb3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exeichader.exesvchost.exeichader.exeichader.exe

pid	process
648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe
3112	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe
1516	ichader.exe
3888	svchost.exe
3900	ichader.exe
4008	ichader.exe

Suspicious use of WriteProcessMemory 46 IoCs

Processes:

b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exeb3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.execmd.exeichader.exe

description	pid	process	target process
PID 648 wrote to memory of 3716	648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	svchost.exe
PID 648 wrote to memory of 3716	648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	svchost.exe
PID 648 wrote to memory of 3716	648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	svchost.exe
PID 648 wrote to memory of 3716	648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	svchost.exe
PID 648 wrote to memory of 3112	648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe
PID 648 wrote to memory of 3112	648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe
PID 648 wrote to memory of 3112	648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe
PID 648 wrote to memory of 3112	648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe
PID 648 wrote to memory of 3112	648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe
PID 648 wrote to memory of 3112	648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe
PID 648 wrote to memory of 3112	648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe
PID 648 wrote to memory of 3112	648	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe
PID 3112 wrote to memory of 184	3112	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	cmd.exe
PID 3112 wrote to memory of 184	3112	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	cmd.exe
PID 3112 wrote to memory of 184	3112	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	cmd.exe
PID 184 wrote to memory of 2416	184	cmd.exe	reg.exe
PID 184 wrote to memory of 2416	184	cmd.exe	reg.exe
PID 184 wrote to memory of 2416	184	cmd.exe	reg.exe
PID 3112 wrote to memory of 1516	3112	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	ichader.exe
PID 3112 wrote to memory of 1516	3112	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	ichader.exe
PID 3112 wrote to memory of 1516	3112	b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe	ichader.exe
PID 1516 wrote to memory of 3888	1516	ichader.exe	svchost.exe
PID 1516 wrote to memory of 3888	1516	ichader.exe	svchost.exe
PID 1516 wrote to memory of 3888	1516	ichader.exe	svchost.exe
PID 1516 wrote to memory of 3888	1516	ichader.exe	svchost.exe
PID 1516 wrote to memory of 3888	1516	ichader.exe	svchost.exe
PID 1516 wrote to memory of 3888	1516	ichader.exe	svchost.exe
PID 1516 wrote to memory of 3888	1516	ichader.exe	svchost.exe
PID 1516 wrote to memory of 3888	1516	ichader.exe	svchost.exe
PID 1516 wrote to memory of 3888	1516	ichader.exe	svchost.exe
PID 1516 wrote to memory of 3900	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 3900	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 3900	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 3900	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 3900	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 3900	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 3900	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 3900	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 4008	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 4008	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 4008	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 4008	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 4008	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 4008	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 4008	1516	ichader.exe	ichader.exe
PID 1516 wrote to memory of 4008	1516	ichader.exe	ichader.exe

C:\Users\Admin\AppData\Local\Temp\b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe
"C:\Users\Admin\AppData\Local\Temp\b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:648

C:\Windows\SysWOW64\svchost.exe
"C:\Windows\system32\svchost.exe"
2⤵
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 92
3⤵
- Program crash
PID:508

C:\Users\Admin\AppData\Local\Temp\b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe
"C:\Users\Admin\AppData\Local\Temp\b3fa952967142383572df3400a9041a5f38982342cbb632f3ad0e6c7ac6105ea.exe"
2⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3112

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EPMLP.bat" "
3⤵
- Suspicious use of WriteProcessMemory
PID:184

C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "java" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\IDM\ichader.exe" /f
4⤵
- Adds Run key to start application
PID:2416

C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
"C:\Users\Admin\AppData\Roaming\IDM\ichader.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1516

C:\Windows\SysWOW64\svchost.exe
"C:\Windows\system32\svchost.exe"
4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3888

C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
"C:\Users\Admin\AppData\Roaming\IDM\ichader.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3900

C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
"C:\Users\Admin\AppData\Roaming\IDM\ichader.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4008

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\EPMLP.bat
MD5
92353035f01403e26aa2ff51c3963238

SHA1
d13f167c73bfce23a2deab8ce7c4ce9f78759ff4

SHA256
2e72a8542f8f809bfb1e4adfb481c7c5e6dc00dda7970c74692ba8d83ea0a870

SHA512
74560e33477caae3c7bc13914e4ae3c6911bbcfe257b2833155c236a158db0aca17478beb9d97f648ff1ea566005260f511361771c74203195107f4e82cce7df

Download Submit
C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
MD5
e92ba6ee7a729451ed54815c40f8a744

SHA1
3afd92af18686086047d11d4545b885eb964dbbd

SHA256
891fb91c8411f1e38146387805d376b3b7c5af0a08b3e5994162ce12d5ffcfed

SHA512
0a4a08a185c1babfe669623b938a06144d8f4f75a81d4e3f001b3d19c763f5bc1d06d43a1f2d3db9b37a0b73c0ff3eb6eacb460c84d02f07087118f2ebfdf9c3

Download Submit
C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
MD5
e92ba6ee7a729451ed54815c40f8a744

SHA1
3afd92af18686086047d11d4545b885eb964dbbd

SHA256
891fb91c8411f1e38146387805d376b3b7c5af0a08b3e5994162ce12d5ffcfed

SHA512
0a4a08a185c1babfe669623b938a06144d8f4f75a81d4e3f001b3d19c763f5bc1d06d43a1f2d3db9b37a0b73c0ff3eb6eacb460c84d02f07087118f2ebfdf9c3

Download Submit
C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
MD5
e92ba6ee7a729451ed54815c40f8a744

SHA1
3afd92af18686086047d11d4545b885eb964dbbd

SHA256
891fb91c8411f1e38146387805d376b3b7c5af0a08b3e5994162ce12d5ffcfed

SHA512
0a4a08a185c1babfe669623b938a06144d8f4f75a81d4e3f001b3d19c763f5bc1d06d43a1f2d3db9b37a0b73c0ff3eb6eacb460c84d02f07087118f2ebfdf9c3

Download Submit
C:\Users\Admin\AppData\Roaming\IDM\ichader.exe
MD5
e92ba6ee7a729451ed54815c40f8a744

SHA1
3afd92af18686086047d11d4545b885eb964dbbd

SHA256
891fb91c8411f1e38146387805d376b3b7c5af0a08b3e5994162ce12d5ffcfed

SHA512
0a4a08a185c1babfe669623b938a06144d8f4f75a81d4e3f001b3d19c763f5bc1d06d43a1f2d3db9b37a0b73c0ff3eb6eacb460c84d02f07087118f2ebfdf9c3

Download Submit
memory/184-11-0x0000000000000000-mapping.dmp

Download
memory/508-10-0x0000000004D80000-0x0000000004D81000-memory.dmp

Filesize
4KB

Download
memory/1516-14-0x0000000000000000-mapping.dmp

Download
memory/1516-17-0x0000000073520000-0x00000000735B3000-memory.dmp

Filesize
588KB

Download
memory/2416-13-0x0000000000000000-mapping.dmp

Download
memory/3112-7-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3112-6-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3112-4-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3112-5-0x00000000004085D0-mapping.dmp

Download
memory/3716-3-0x000000000040B000-mapping.dmp

Download
memory/3888-23-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3888-22-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3888-21-0x000000000040B000-mapping.dmp

Download
memory/3888-20-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3900-27-0x00000000004085D0-mapping.dmp

Download
memory/3900-29-0x0000000073520000-0x00000000735B3000-memory.dmp

Filesize
588KB

Download
memory/4008-30-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4008-31-0x00000000004B5210-mapping.dmp

Download
memory/4008-34-0x0000000073520000-0x00000000735B3000-memory.dmp

Filesize
588KB

Download
memory/4008-36-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/4008-39-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads