cobaltstrike | 068eb2b690144b1a9aef6a1f93c41d1b7c7f804d172124199e20952fe0b6d5be

General

Target

Invoice_Due-IN-244701726_20210823.xlsb
Size

173KB
MD5

7616efd9d10fd2c8d2b9f313410dc8e1
SHA1

9211184df686b4f870d1e615c98a1e0629273b3f
SHA256

068eb2b690144b1a9aef6a1f93c41d1b7c7f804d172124199e20952fe0b6d5be
SHA512

98978d380d766b5291619f2bfe0523348371bce619b1599fd0a31b7fb790c44bdb5bbdac695f296ad4b7f5ea37a52ff6f9a5cfacd5726140611cac1edca0efa5

Score

10^/10

cobaltstrike 1359593325 backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://37.120.206.118:80/push

Attributes

access_type
512
host
37.120.206.118,/push
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
polling_time
60000
port_number
80
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHFcV/jTWIWbMLGsg/xD3cCk0yHN+dWUBeSAZEdvXFEiawkFkWyJWyGyT0NbgSrwHmz+krYJY6l6YOoUNPWMNc6YpuQUYrBiilMX6rDkmmqUqem2tP6G4E6nBva8DOwNu671c8iFZeK4M8s6PPnUDuEuSHchHBLc5wV6Ew7BLO5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/submit.php
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET4.0C; .NET4.0E)
watermark
1359593325

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Process spawned unexpected child process 2 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

wmic.exemshta.exe

description	pid	pid_target	process	target process
Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process	1388	1816	wmic.exe	EXCEL.EXE
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	968	1632	mshta.exe

Blocklisted process makes network request 2 IoCs

Processes:

mshta.exe

flow pid process

7 968 mshta.exe
9 968 mshta.exe
Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

SPInf.exe

pid process

1388 SPInf.exe
Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

EXCEL.EXE

description ioc process

Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE

flow	pid	process
7	968	mshta.exe
9	968	mshta.exe

pid	process
1388	SPInf.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Modifies Internet Explorer settings 1 TTPs 11 IoCs

adware spyware

Modify Registry

T1112

Processes:

EXCEL.EXEmshta.exemshta.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Toolbar	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

mshta.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	mshta.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	mshta.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

1816 EXCEL.EXE

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

wmic.exewmic.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	1388	wmic.exe
Token: SeSecurityPrivilege	1388	wmic.exe
Token: SeTakeOwnershipPrivilege	1388	wmic.exe
Token: SeLoadDriverPrivilege	1388	wmic.exe
Token: SeSystemProfilePrivilege	1388	wmic.exe
Token: SeSystemtimePrivilege	1388	wmic.exe
Token: SeProfSingleProcessPrivilege	1388	wmic.exe
Token: SeIncBasePriorityPrivilege	1388	wmic.exe
Token: SeCreatePagefilePrivilege	1388	wmic.exe
Token: SeBackupPrivilege	1388	wmic.exe
Token: SeRestorePrivilege	1388	wmic.exe
Token: SeShutdownPrivilege	1388	wmic.exe
Token: SeDebugPrivilege	1388	wmic.exe
Token: SeSystemEnvironmentPrivilege	1388	wmic.exe
Token: SeRemoteShutdownPrivilege	1388	wmic.exe
Token: SeUndockPrivilege	1388	wmic.exe
Token: SeManageVolumePrivilege	1388	wmic.exe
Token: 33	1388	wmic.exe
Token: 34	1388	wmic.exe
Token: 35	1388	wmic.exe
Token: SeIncreaseQuotaPrivilege	1388	wmic.exe
Token: SeSecurityPrivilege	1388	wmic.exe
Token: SeTakeOwnershipPrivilege	1388	wmic.exe
Token: SeLoadDriverPrivilege	1388	wmic.exe
Token: SeSystemProfilePrivilege	1388	wmic.exe
Token: SeSystemtimePrivilege	1388	wmic.exe
Token: SeProfSingleProcessPrivilege	1388	wmic.exe
Token: SeIncBasePriorityPrivilege	1388	wmic.exe
Token: SeCreatePagefilePrivilege	1388	wmic.exe
Token: SeBackupPrivilege	1388	wmic.exe
Token: SeRestorePrivilege	1388	wmic.exe
Token: SeShutdownPrivilege	1388	wmic.exe
Token: SeDebugPrivilege	1388	wmic.exe
Token: SeSystemEnvironmentPrivilege	1388	wmic.exe
Token: SeRemoteShutdownPrivilege	1388	wmic.exe
Token: SeUndockPrivilege	1388	wmic.exe
Token: SeManageVolumePrivilege	1388	wmic.exe
Token: 33	1388	wmic.exe
Token: 34	1388	wmic.exe
Token: 35	1388	wmic.exe
Token: SeIncreaseQuotaPrivilege	1584	wmic.exe
Token: SeSecurityPrivilege	1584	wmic.exe
Token: SeTakeOwnershipPrivilege	1584	wmic.exe
Token: SeLoadDriverPrivilege	1584	wmic.exe
Token: SeSystemProfilePrivilege	1584	wmic.exe
Token: SeSystemtimePrivilege	1584	wmic.exe
Token: SeProfSingleProcessPrivilege	1584	wmic.exe
Token: SeIncBasePriorityPrivilege	1584	wmic.exe
Token: SeCreatePagefilePrivilege	1584	wmic.exe
Token: SeBackupPrivilege	1584	wmic.exe
Token: SeRestorePrivilege	1584	wmic.exe
Token: SeShutdownPrivilege	1584	wmic.exe
Token: SeDebugPrivilege	1584	wmic.exe
Token: SeSystemEnvironmentPrivilege	1584	wmic.exe
Token: SeRemoteShutdownPrivilege	1584	wmic.exe
Token: SeUndockPrivilege	1584	wmic.exe
Token: SeManageVolumePrivilege	1584	wmic.exe
Token: 33	1584	wmic.exe
Token: 34	1584	wmic.exe
Token: 35	1584	wmic.exe
Token: SeIncreaseQuotaPrivilege	1584	wmic.exe
Token: SeSecurityPrivilege	1584	wmic.exe
Token: SeTakeOwnershipPrivilege	1584	wmic.exe
Token: SeLoadDriverPrivilege	1584	wmic.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

EXCEL.EXE

pid	process
1816	EXCEL.EXE
1816	EXCEL.EXE
1816	EXCEL.EXE
1816	EXCEL.EXE
1816	EXCEL.EXE
1816	EXCEL.EXE
1816	EXCEL.EXE
1816	EXCEL.EXE
1816	EXCEL.EXE
1816	EXCEL.EXE
1816	EXCEL.EXE

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

EXCEL.EXEmshta.exemshta.exe

description	pid	process	target process
PID 1816 wrote to memory of 1388	1816	EXCEL.EXE	wmic.exe
PID 1816 wrote to memory of 1388	1816	EXCEL.EXE	wmic.exe
PID 1816 wrote to memory of 1388	1816	EXCEL.EXE	wmic.exe
PID 1816 wrote to memory of 1388	1816	EXCEL.EXE	wmic.exe
PID 968 wrote to memory of 324	968	mshta.exe	mshta.exe
PID 968 wrote to memory of 324	968	mshta.exe	mshta.exe
PID 968 wrote to memory of 324	968	mshta.exe	mshta.exe
PID 324 wrote to memory of 1584	324	mshta.exe	wmic.exe
PID 324 wrote to memory of 1584	324	mshta.exe	wmic.exe
PID 324 wrote to memory of 1584	324	mshta.exe	wmic.exe

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\Invoice_Due-IN-244701726_20210823.xlsb
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1816

C:\Windows\SysWOW64\Wbem\wmic.exe
wmic process call create 'mshta C:\ProgramData\Amzwu.sct'
2⤵
- Process spawned unexpected child process
- Suspicious use of AdjustPrivilegeToken
PID:1388

C:\Windows\system32\mshta.exe
mshta C:\ProgramData\Amzwu.sct
1⤵
- Process spawned unexpected child process
- Blocklisted process makes network request
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:968

C:\Windows\system32\mshta.exe
mshta C:\\ProgramData\SPInf.sct
2⤵
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:324

C:\Windows\System32\Wbem\wmic.exe
wmic process call create "C:\\ProgramData\SPInf.exe"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1584

C:\ProgramData\SPInf.exe
C:\\ProgramData\SPInf.exe
1⤵
- Executes dropped EXE
PID:1388

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Install Root Certificate

1

T1130

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Amzwu.sct
MD5
b654b5c15cdc20afaa5c424b704bcfaf

SHA1
4ba1fb25be4fcfd2ab8448da449b28dff17d813a

SHA256
cb1a5d21d5577a633f2687ecec0e7cf841747f720fe0d1c3c2311a0de039382d

SHA512
d15f98d026a26d24a019bf2958a346feb77705ee2c6f80d3b971899a135436437850a48e3daff7903c117ec14350a3ce20e631d4ff7ad457b2e7e326f33d7d92

Download Submit
C:\ProgramData\SPInf.exe
MD5
f22083e11a7c34c3ddd3726f65fb3939

SHA1
1d529d5f0e330f5fc485699f3bc67c918619da67

SHA256
316f938abb63266eb410087f7f4b20e987cb9a8be1e385e95c420d96c9ac6f76

SHA512
c27c2f82f574d0db400ca26ce7663d77c8d21a14a52ea7a35e37842d36e9f176fcf17357106a5050cb2d11de930ddddc8e6f2c09d9b3f63932e0b5ca3359102a

Download Submit
C:\ProgramData\SPInf.sct
MD5
d6f3ca63c2312ba35dd40622d484841e

SHA1
63c60d6b04c85c48b3a0099611de8573baf541ec

SHA256
7a983eb19550a1e88eb2342f8c44bc63f08f3e0f8c2b6cd05f050704ba0a5879

SHA512
f9cd044cbcc705963470c8ed22793593b7b18afd388418e2a925dd14cd6f0070449e46cb35141e74287256a09b16fcc3c988eaac8dd05002ae593f1252a08f7d

Download Submit
memory/324-65-0x0000000000000000-mapping.dmp

Download
memory/1388-63-0x0000000000000000-mapping.dmp

Download
memory/1388-69-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/1388-70-0x0000000000290000-0x0000000000297000-memory.dmp

Filesize
28KB

Download
memory/1388-71-0x00000000002F0000-0x0000000000323000-memory.dmp

Filesize
204KB

Download
memory/1388-72-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download
memory/1388-73-0x0000000000880000-0x00000000008BD000-memory.dmp

Filesize
244KB

Download
memory/1584-67-0x0000000000000000-mapping.dmp

Download
memory/1816-60-0x000000002FAB1000-0x000000002FAB4000-memory.dmp

Filesize
12KB

Download
memory/1816-62-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1816-61-0x0000000070E41000-0x0000000070E43000-memory.dmp

Filesize
8KB

Download
memory/1816-74-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads