21420b8630260dae7f0ea14a319a8b3ae6910def98599109b365f710e835b9c4

Analysis

max time kernel
51s
max time network
131s
platform
windows10_x64
resource
win10v20210408
submitted
14/04/2021, 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[email protected]
Size

1.3MB
MD5

645d774a869c582b2c46beed455321d4
SHA1

e94862c25377373f54ce668051df0d95d3746514
SHA256

21420b8630260dae7f0ea14a319a8b3ae6910def98599109b365f710e835b9c4
SHA512

2c7cc053ed79e52f7e2ae508d2d832e6efa0b9a24dc71158fbc25d829c3d9ad8aa8f5c04e7fff94152dacc04cc1d7604da147ee201d900efcbcc62fe95f15b81

Score

8^/10

evasion

Malware Config

Signatures

Modifies Windows Firewall 1 TTPs
evasion

Modify Existing Service
T1031

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\desktop.ini	[email protected]
File created	C:\$Recycle.Bin\S-1-5-21-1594587808-2047097707-2163810515-1000\desktop.ini	[email protected]
File created	C:\Program Files\desktop.ini	[email protected]
File opened for modification	C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini	[email protected]
File created	C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	[email protected]
File opened for modification	C:\$Recycle.Bin\S-1-5-21-1594587808-2047097707-2163810515-1000\desktop.ini	[email protected]

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msowerrelief.dll.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNBI.TTF.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.ConnectionUI.Dialog.dll.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Java\jre1.8.0_66\lib\resources.jar	[email protected]
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7EN.LEX.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\BackupDismount.3gp.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms	[email protected]
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\classlist.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-100.png	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-util.xml.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\rmid.exe.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	[email protected]
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\sv.pak	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\jawt.lib	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\US_export_policy.jar	[email protected]
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\manifest.json.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-explorer.xml	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSOCR.DLL	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PowerPointCombinedFloatieModel.bin.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Exchange.WebServices.dll	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Themes.dll.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-180.png	[email protected]
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\Training.potx	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.AuditItems.Resources.dll	[email protected]
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\sk.pak.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\upe.dll	[email protected]
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\AccessCompare.rdlc	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll	[email protected]
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\LogoCanary.png.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ko_KR.jar.[[email protected]][MJ-QJ7862543901].hydra	[email protected]
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.[[email protected]][MJ-QJ7862543901].hydra	[email protected]

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Documents and Settings\zh-TW\8:늨Qŭt.ex	[email protected]
File opened for modification	C:\Documents and Settings\zh-TW\8:둘QƁt.ex	[email protected]

Runs net.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]
1000	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1000 wrote to memory of 2548	1000	[email protected]	75
PID 1000 wrote to memory of 2548	1000	[email protected]	75
PID 1000 wrote to memory of 2548	1000	[email protected]	75
PID 2548 wrote to memory of 3540	2548	cmd.exe	77
PID 2548 wrote to memory of 3540	2548	cmd.exe	77
PID 2548 wrote to memory of 3540	2548	cmd.exe	77
PID 3540 wrote to memory of 636	3540	net.exe	78
PID 3540 wrote to memory of 636	3540	net.exe	78
PID 3540 wrote to memory of 636	3540	net.exe	78
PID 1000 wrote to memory of 3000	1000	[email protected]	80
PID 1000 wrote to memory of 3000	1000	[email protected]	80
PID 1000 wrote to memory of 3000	1000	[email protected]	80
PID 1000 wrote to memory of 3028	1000	[email protected]	82
PID 1000 wrote to memory of 3028	1000	[email protected]	82
PID 1000 wrote to memory of 3028	1000	[email protected]	82
PID 1000 wrote to memory of 1196	1000	[email protected]	84
PID 1000 wrote to memory of 1196	1000	[email protected]	84
PID 1000 wrote to memory of 1196	1000	[email protected]	84
PID 1000 wrote to memory of 3716	1000	[email protected]	86
PID 1000 wrote to memory of 3716	1000	[email protected]	86
PID 1000 wrote to memory of 3716	1000	[email protected]	86
PID 3716 wrote to memory of 3892	3716	cmd.exe	88
PID 3716 wrote to memory of 3892	3716	cmd.exe	88
PID 3716 wrote to memory of 3892	3716	cmd.exe	88
PID 3892 wrote to memory of 1016	3892	net.exe	89
PID 3892 wrote to memory of 1016	3892	net.exe	89
PID 3892 wrote to memory of 1016	3892	net.exe	89
PID 1000 wrote to memory of 3184	1000	[email protected]	90
PID 1000 wrote to memory of 3184	1000	[email protected]	90
PID 1000 wrote to memory of 3184	1000	[email protected]	90
PID 3184 wrote to memory of 2560	3184	cmd.exe	92
PID 3184 wrote to memory of 2560	3184	cmd.exe	92
PID 3184 wrote to memory of 2560	3184	cmd.exe	92
PID 2560 wrote to memory of 2880	2560	net.exe	93
PID 2560 wrote to memory of 2880	2560	net.exe	93
PID 2560 wrote to memory of 2880	2560	net.exe	93
PID 1000 wrote to memory of 204	1000	[email protected]	94
PID 1000 wrote to memory of 204	1000	[email protected]	94
PID 1000 wrote to memory of 204	1000	[email protected]	94
PID 204 wrote to memory of 1588	204	cmd.exe	96
PID 204 wrote to memory of 1588	204	cmd.exe	96
PID 204 wrote to memory of 1588	204	cmd.exe	96
PID 1588 wrote to memory of 2908	1588	net.exe	97
PID 1588 wrote to memory of 2908	1588	net.exe	97
PID 1588 wrote to memory of 2908	1588	net.exe	97
PID 1000 wrote to memory of 1308	1000	[email protected]	98
PID 1000 wrote to memory of 1308	1000	[email protected]	98
PID 1000 wrote to memory of 1308	1000	[email protected]	98
PID 1308 wrote to memory of 2700	1308	cmd.exe	100
PID 1308 wrote to memory of 2700	1308	cmd.exe	100
PID 1308 wrote to memory of 2700	1308	cmd.exe	100
PID 1000 wrote to memory of 3176	1000	[email protected]	101
PID 1000 wrote to memory of 3176	1000	[email protected]	101
PID 1000 wrote to memory of 3176	1000	[email protected]	101
PID 3176 wrote to memory of 1196	3176	cmd.exe	103
PID 3176 wrote to memory of 1196	3176	cmd.exe	103
PID 3176 wrote to memory of 1196	3176	cmd.exe	103
PID 1000 wrote to memory of 3924	1000	[email protected]	104
PID 1000 wrote to memory of 3924	1000	[email protected]	104
PID 1000 wrote to memory of 3924	1000	[email protected]	104
PID 3924 wrote to memory of 2136	3924	cmd.exe	106
PID 3924 wrote to memory of 2136	3924	cmd.exe	106
PID 3924 wrote to memory of 2136	3924	cmd.exe	106
PID 2136 wrote to memory of 2608	2136	net.exe	107

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop MSDTC
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Windows\SysWOW64\net.exe
    net stop MSDTC
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3540
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop MSDTC
      4⤵
      PID:636
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures
  2⤵
  PID:3000
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c bcdedit /set {default} recoveryenabled no
  2⤵
  PID:3028
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c wbadmin delete catalog -quiet
  2⤵
  PID:1196
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop SQLSERVERAGENT
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3716
- - C:\Windows\SysWOW64\net.exe
    net stop SQLSERVERAGENT
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3892
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop SQLSERVERAGENT
      4⤵
      PID:1016
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop MSSQLSERVER
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3184
- - C:\Windows\SysWOW64\net.exe
    net stop MSSQLSERVER
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop MSSQLSERVER
      4⤵
      PID:2880
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop vds
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:204
- - C:\Windows\SysWOW64\net.exe
    net stop vds
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1588
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop vds
      4⤵
      PID:2908
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c netsh advfirewall set currentprofile state off
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1308
- - C:\Windows\SysWOW64\netsh.exe
    netsh advfirewall set currentprofile state off
    3⤵
    PID:2700
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c netsh firewall set opmode mode=disable
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3176
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall set opmode mode=disable
    3⤵
    PID:1196
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop SQLWriter
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3924
- - C:\Windows\SysWOW64\net.exe
    net stop SQLWriter
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2136
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop SQLWriter
      4⤵
      PID:2608
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop SQLBrowser
  2⤵
  PID:3828
- - C:\Windows\SysWOW64\net.exe
    net stop SQLBrowser
    3⤵
    PID:3184
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop SQLBrowser
      4⤵
      PID:2664
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop MSSQLSERVER
  2⤵
  PID:3452
- - C:\Windows\SysWOW64\net.exe
    net stop MSSQLSERVER
    3⤵
    PID:2888
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop MSSQLSERVER
      4⤵
      PID:3420
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop MSSQL$CONTOSO1
  2⤵
  PID:1328
- - C:\Windows\SysWOW64\net.exe
    net stop MSSQL$CONTOSO1
    3⤵
    PID:1492
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop MSSQL$CONTOSO1
      4⤵
      PID:3548

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads