cybergate | 9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b

General

Target

9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe
Size

762KB
MD5

61100d43a149d129dd54142600e34ed8
SHA1

140d028670022775807e7817cf5e1c1e95eb5c1b
SHA256

9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b
SHA512

a55478437bea7a253031d2de0e055b835f9af5c2f396644cd98e5184e562db6911a7ed94944e688cbc6a6f3fa5fa0e7ea68d817b2619918c0046575cb0dca3a9
SSDEEP

12288:A0KcgjVIgfgbn2dHPXjbUTGc4PvLLc5Un5G6QoamvlHsL1Zf69xA2MfKliPP3kUb:ACVi/zPDHKhGu2K3l

Score

10^/10

cybergate zombie persistence stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Zombie

C2

amdzone.no-ip.info:3086

Mutex

06I43WDM5B044Q

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
PrivateSW87
regkey_hklm
Windows Live Messenger

Signatures

CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
trojan stealer cybergate

Adds policy Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

svchost.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\install\\server.exe"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\install\\server.exe"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	svchost.exe

Executes dropped EXE 2 IoCs

Processes:

svchost.exesvchost.exe

pid process

748 svchost.exe
2812 svchost.exe

pid	process
748	svchost.exe
2812	svchost.exe

Modifies Installed Components in the registry 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

explorer.exesvchost.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7N1KO863-4LHX-407K-K615-VFN18818NW4A}\StubPath = "C:\\Windows\\system32\\install\\server.exe"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{7N1KO863-4LHX-407K-K615-VFN18818NW4A}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7N1KO863-4LHX-407K-K615-VFN18818NW4A}\StubPath = "C:\\Windows\\system32\\install\\server.exe Restart"	svchost.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{7N1KO863-4LHX-407K-K615-VFN18818NW4A}	explorer.exe

UPX packed file 14 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/748-135-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/748-141-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/748-139-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/748-138-0x0000000000400000-0x0000000000456000-memory.dmp	upx
behavioral2/memory/748-144-0x0000000010410000-0x0000000010475000-memory.dmp	upx
behavioral2/memory/748-149-0x0000000010480000-0x00000000104E5000-memory.dmp	upx
behavioral2/memory/4844-152-0x0000000010480000-0x00000000104E5000-memory.dmp	upx
behavioral2/memory/4844-153-0x0000000010480000-0x00000000104E5000-memory.dmp	upx
behavioral2/memory/748-155-0x00000000104F0000-0x0000000010555000-memory.dmp	upx
behavioral2/memory/748-163-0x0000000010560000-0x00000000105C5000-memory.dmp	upx
behavioral2/memory/2812-166-0x0000000010560000-0x00000000105C5000-memory.dmp	upx
behavioral2/memory/2812-167-0x0000000010560000-0x00000000105C5000-memory.dmp	upx
behavioral2/memory/4844-168-0x0000000010480000-0x00000000104E5000-memory.dmp	upx
behavioral2/memory/2812-169-0x0000000010560000-0x00000000105C5000-memory.dmp	upx

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

svchost.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation svchost.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	svchost.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exesvchost.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Winlogon = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe"	9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Live Messenger = "C:\\Windows\\system32\\install\\server.exe"	svchost.exe

Drops file in System32 directory 4 IoCs

Processes:

svchost.exesvchost.exe

description	ioc	process
File created	C:\Windows\SysWOW64\install\server.exe	svchost.exe
File opened for modification	C:\Windows\SysWOW64\install\server.exe	svchost.exe
File opened for modification	C:\Windows\SysWOW64\install\server.exe	svchost.exe
File opened for modification	C:\Windows\SysWOW64\install\	svchost.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe

description	pid	process	target process
PID 4276 set thread context of 748	4276	9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

explorer.exesvchost.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	svchost.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exesvchost.exe

pid process

4276 9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe
748 svchost.exe
748 svchost.exe

pid	process
4276	9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe
748	svchost.exe
748	svchost.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exeexplorer.exesvchost.exe

description	pid	process
Token: SeDebugPrivilege	4276	9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe
Token: SeBackupPrivilege	4844	explorer.exe
Token: SeRestorePrivilege	4844	explorer.exe
Token: SeBackupPrivilege	2812	svchost.exe
Token: SeRestorePrivilege	2812	svchost.exe
Token: SeDebugPrivilege	2812	svchost.exe
Token: SeDebugPrivilege	2812	svchost.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

svchost.exe

pid process

748 svchost.exe

pid	process
748	svchost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exesvchost.exe

description	pid	process	target process
PID 4276 wrote to memory of 748	4276	9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe	svchost.exe
PID 4276 wrote to memory of 748	4276	9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe	svchost.exe
PID 4276 wrote to memory of 748	4276	9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe	svchost.exe
PID 4276 wrote to memory of 748	4276	9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe	svchost.exe
PID 4276 wrote to memory of 748	4276	9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe	svchost.exe
PID 4276 wrote to memory of 748	4276	9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe	svchost.exe
PID 4276 wrote to memory of 748	4276	9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe	svchost.exe
PID 4276 wrote to memory of 748	4276	9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe	svchost.exe
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE
PID 748 wrote to memory of 2824	748	svchost.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe
"C:\Users\Admin\AppData\Local\Temp\9225418474c03496346e93e894496c4f59948bc13e23d50387069c8e0eaf498b.exe"
2⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4276

C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
3⤵
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies Installed Components in the registry
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:748

C:\Windows\SysWOW64\explorer.exe
explorer.exe
4⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4844

C:\Windows\SysWOW64\install\server.exe
"C:\Windows\system32\install\server.exe"
5⤵
PID:3996

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
4⤵
PID:1996

C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
4⤵
- Executes dropped EXE
- Checks computer location settings
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2812

C:\Windows\SysWOW64\install\server.exe
"C:\Windows\system32\install\server.exe"
5⤵
PID:3540

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

3

T1060

Privilege Escalation

Defense Evasion

Modify Registry

3

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Admin2.txt
Filesize
224KB

MD5
babfa55af0a3b9fa5275c7f093620ab3

SHA1
4100c4cefe41ccbd4d36d045d1cf28e642fad6f0

SHA256
c7df2f153afcd05e185592caae6bed62c9e765536b6b1330a20ad7279604759c

SHA512
953722890d0ba9cef5e5fdadc21759010aba0f99dd112cd6271d48f1fbaa74bbd5d65b2688de4b1e480137d1bc134b58ec730136fedf79aaf73f8b377dfbd496

Download Submit
C:\Users\Admin\AppData\Roaming\svchost.exe
Filesize
60KB

MD5
889b99c52a60dd49227c5e485a016679

SHA1
8fa889e456aa646a4d0a4349977430ce5fa5e2d7

SHA256
6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910

SHA512
08933106eaf338dd119c45cbf1f83e723aff77cc0f8d3fc84e36253b1eb31557a54211d1d5d1cb58958188e32064d451f6c66a24b3963cccd3de07299ab90641

Download Submit
C:\Users\Admin\AppData\Roaming\svchost.exe
Filesize
60KB

MD5
889b99c52a60dd49227c5e485a016679

SHA1
8fa889e456aa646a4d0a4349977430ce5fa5e2d7

SHA256
6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910

SHA512
08933106eaf338dd119c45cbf1f83e723aff77cc0f8d3fc84e36253b1eb31557a54211d1d5d1cb58958188e32064d451f6c66a24b3963cccd3de07299ab90641

Download Submit
C:\Users\Admin\AppData\Roaming\svchost.exe
Filesize
60KB

MD5
889b99c52a60dd49227c5e485a016679

SHA1
8fa889e456aa646a4d0a4349977430ce5fa5e2d7

SHA256
6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910

SHA512
08933106eaf338dd119c45cbf1f83e723aff77cc0f8d3fc84e36253b1eb31557a54211d1d5d1cb58958188e32064d451f6c66a24b3963cccd3de07299ab90641

Download Submit
C:\Windows\SysWOW64\install\server.exe
Filesize
60KB

MD5
889b99c52a60dd49227c5e485a016679

SHA1
8fa889e456aa646a4d0a4349977430ce5fa5e2d7

SHA256
6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910

SHA512
08933106eaf338dd119c45cbf1f83e723aff77cc0f8d3fc84e36253b1eb31557a54211d1d5d1cb58958188e32064d451f6c66a24b3963cccd3de07299ab90641

Download Submit
C:\Windows\SysWOW64\install\server.exe
Filesize
60KB

MD5
889b99c52a60dd49227c5e485a016679

SHA1
8fa889e456aa646a4d0a4349977430ce5fa5e2d7

SHA256
6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910

SHA512
08933106eaf338dd119c45cbf1f83e723aff77cc0f8d3fc84e36253b1eb31557a54211d1d5d1cb58958188e32064d451f6c66a24b3963cccd3de07299ab90641

Download Submit
C:\Windows\SysWOW64\install\server.exe
Filesize
60KB

MD5
889b99c52a60dd49227c5e485a016679

SHA1
8fa889e456aa646a4d0a4349977430ce5fa5e2d7

SHA256
6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910

SHA512
08933106eaf338dd119c45cbf1f83e723aff77cc0f8d3fc84e36253b1eb31557a54211d1d5d1cb58958188e32064d451f6c66a24b3963cccd3de07299ab90641

Download Submit
memory/748-144-0x0000000010410000-0x0000000010475000-memory.dmp

Filesize
404KB

Download
memory/748-135-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/748-163-0x0000000010560000-0x00000000105C5000-memory.dmp

Filesize
404KB

Download
memory/748-134-0x0000000000000000-mapping.dmp

Download
memory/748-139-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/748-149-0x0000000010480000-0x00000000104E5000-memory.dmp

Filesize
404KB

Download
memory/748-141-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/748-138-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/748-155-0x00000000104F0000-0x0000000010555000-memory.dmp

Filesize
404KB

Download
memory/2812-169-0x0000000010560000-0x00000000105C5000-memory.dmp

Filesize
404KB

Download
memory/2812-161-0x0000000000000000-mapping.dmp

Download
memory/2812-167-0x0000000010560000-0x00000000105C5000-memory.dmp

Filesize
404KB

Download
memory/2812-166-0x0000000010560000-0x00000000105C5000-memory.dmp

Filesize
404KB

Download
memory/3540-171-0x0000000000000000-mapping.dmp

Download
memory/3996-170-0x0000000000000000-mapping.dmp

Download
memory/4276-140-0x0000000075300000-0x00000000758B1000-memory.dmp

Filesize
5.7MB

Download
memory/4276-132-0x0000000075300000-0x00000000758B1000-memory.dmp

Filesize
5.7MB

Download
memory/4276-133-0x0000000075300000-0x00000000758B1000-memory.dmp

Filesize
5.7MB

Download
memory/4844-168-0x0000000010480000-0x00000000104E5000-memory.dmp

Filesize
404KB

Download
memory/4844-153-0x0000000010480000-0x00000000104E5000-memory.dmp

Filesize
404KB

Download
memory/4844-152-0x0000000010480000-0x00000000104E5000-memory.dmp

Filesize
404KB

Download
memory/4844-148-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads