41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f

General

Target

41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe
Size

296KB
MD5

3d7a5b83b6c8fdd5df34cbb0d23483de
SHA1

e774dc8e30008338844f096c6ade70e2c092052d
SHA256

41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f
SHA512

804a888abd4982913cc1c1e1585040fb6be47c1ca37b5be9eb6c52d6c419c038dfaf18f670e1fa942f2f316fac49e4e613beb39a4a54d21d6df7371bb5947182
SSDEEP

6144:Nnh4rMUW2f5mn4cwBPQD4od7FwDvKbrAGeGYiRqVVc67HJz:zf1o2faKbrAGeuRqVCqF

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies firewall policy service 2 TTPs 8 IoCs

evasion

Modify Registry

T1112

Modify Existing Service

T1031

Processes:

reg.exereg.exereg.exereg.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe = "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe:*:Enabled:Windows Messanger"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Roaming\URFNZWN8PN.exe = "C:\\Users\\Admin\\AppData\\Roaming\\URFNZWN8PN.exe:*:Enabled:Windows Messanger"	reg.exe

Executes dropped EXE 2 IoCs

Processes:

tmp954.tmp.exetmp954.tmp.exe

pid process

1764 tmp954.tmp.exe
1648 tmp954.tmp.exe
Loads dropped DLL 2 IoCs

Processes:

41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exetmp954.tmp.exe

pid process

1652 41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe
1764 tmp954.tmp.exe
Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

pid	process
1764	tmp954.tmp.exe
1648	tmp954.tmp.exe

pid	process
1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe
1764	tmp954.tmp.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exetmp954.tmp.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\1543054795.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp954.tmp.exe"	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\185007100.exe = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp954.tmp.exe\""	tmp954.tmp.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe

description pid process target process

PID 1652 set thread context of 860 1652 41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe vbc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Modifies registry key 1 TTPs 4 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exereg.exereg.exe

pid process

1204 reg.exe
1508 reg.exe
792 reg.exe
580 reg.exe

description	pid	process	target process
PID 1652 set thread context of 860	1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe	vbc.exe

pid	process
1204	reg.exe
1508	reg.exe
792	reg.exe
580	reg.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

Processes:

41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exetmp954.tmp.exetmp954.tmp.exevbc.exe

description	pid	process
Token: SeDebugPrivilege	1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe
Token: SeDebugPrivilege	1764	tmp954.tmp.exe
Token: SeDebugPrivilege	1648	tmp954.tmp.exe
Token: 1	860	vbc.exe
Token: SeCreateTokenPrivilege	860	vbc.exe
Token: SeAssignPrimaryTokenPrivilege	860	vbc.exe
Token: SeLockMemoryPrivilege	860	vbc.exe
Token: SeIncreaseQuotaPrivilege	860	vbc.exe
Token: SeMachineAccountPrivilege	860	vbc.exe
Token: SeTcbPrivilege	860	vbc.exe
Token: SeSecurityPrivilege	860	vbc.exe
Token: SeTakeOwnershipPrivilege	860	vbc.exe
Token: SeLoadDriverPrivilege	860	vbc.exe
Token: SeSystemProfilePrivilege	860	vbc.exe
Token: SeSystemtimePrivilege	860	vbc.exe
Token: SeProfSingleProcessPrivilege	860	vbc.exe
Token: SeIncBasePriorityPrivilege	860	vbc.exe
Token: SeCreatePagefilePrivilege	860	vbc.exe
Token: SeCreatePermanentPrivilege	860	vbc.exe
Token: SeBackupPrivilege	860	vbc.exe
Token: SeRestorePrivilege	860	vbc.exe
Token: SeShutdownPrivilege	860	vbc.exe
Token: SeDebugPrivilege	860	vbc.exe
Token: SeAuditPrivilege	860	vbc.exe
Token: SeSystemEnvironmentPrivilege	860	vbc.exe
Token: SeChangeNotifyPrivilege	860	vbc.exe
Token: SeRemoteShutdownPrivilege	860	vbc.exe
Token: SeUndockPrivilege	860	vbc.exe
Token: SeSyncAgentPrivilege	860	vbc.exe
Token: SeEnableDelegationPrivilege	860	vbc.exe
Token: SeManageVolumePrivilege	860	vbc.exe
Token: SeImpersonatePrivilege	860	vbc.exe
Token: SeCreateGlobalPrivilege	860	vbc.exe
Token: 31	860	vbc.exe
Token: 32	860	vbc.exe
Token: 33	860	vbc.exe
Token: 34	860	vbc.exe
Token: 35	860	vbc.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

vbc.exe

pid process

860 vbc.exe
860 vbc.exe
860 vbc.exe
860 vbc.exe
860 vbc.exe
860 vbc.exe
860 vbc.exe
860 vbc.exe

pid	process
860	vbc.exe
860	vbc.exe
860	vbc.exe
860	vbc.exe
860	vbc.exe
860	vbc.exe
860	vbc.exe
860	vbc.exe

Suspicious use of WriteProcessMemory 48 IoCs

Processes:

41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exetmp954.tmp.exevbc.execmd.execmd.execmd.execmd.exe

description	pid	process	target process
PID 1652 wrote to memory of 1764	1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe	tmp954.tmp.exe
PID 1652 wrote to memory of 1764	1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe	tmp954.tmp.exe
PID 1652 wrote to memory of 1764	1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe	tmp954.tmp.exe
PID 1652 wrote to memory of 1764	1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe	tmp954.tmp.exe
PID 1764 wrote to memory of 1648	1764	tmp954.tmp.exe	tmp954.tmp.exe
PID 1764 wrote to memory of 1648	1764	tmp954.tmp.exe	tmp954.tmp.exe
PID 1764 wrote to memory of 1648	1764	tmp954.tmp.exe	tmp954.tmp.exe
PID 1764 wrote to memory of 1648	1764	tmp954.tmp.exe	tmp954.tmp.exe
PID 1652 wrote to memory of 860	1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe	vbc.exe
PID 1652 wrote to memory of 860	1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe	vbc.exe
PID 1652 wrote to memory of 860	1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe	vbc.exe
PID 1652 wrote to memory of 860	1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe	vbc.exe
PID 1652 wrote to memory of 860	1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe	vbc.exe
PID 1652 wrote to memory of 860	1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe	vbc.exe
PID 1652 wrote to memory of 860	1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe	vbc.exe
PID 1652 wrote to memory of 860	1652	41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe	vbc.exe
PID 860 wrote to memory of 660	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 660	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 660	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 660	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 1564	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 1564	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 1564	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 1564	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 1712	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 1712	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 1712	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 1712	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 632	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 632	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 632	860	vbc.exe	cmd.exe
PID 860 wrote to memory of 632	860	vbc.exe	cmd.exe
PID 660 wrote to memory of 580	660	cmd.exe	reg.exe
PID 660 wrote to memory of 580	660	cmd.exe	reg.exe
PID 660 wrote to memory of 580	660	cmd.exe	reg.exe
PID 660 wrote to memory of 580	660	cmd.exe	reg.exe
PID 1712 wrote to memory of 1508	1712	cmd.exe	reg.exe
PID 1712 wrote to memory of 1508	1712	cmd.exe	reg.exe
PID 1712 wrote to memory of 1508	1712	cmd.exe	reg.exe
PID 1712 wrote to memory of 1508	1712	cmd.exe	reg.exe
PID 1564 wrote to memory of 1204	1564	cmd.exe	reg.exe
PID 1564 wrote to memory of 1204	1564	cmd.exe	reg.exe
PID 1564 wrote to memory of 1204	1564	cmd.exe	reg.exe
PID 1564 wrote to memory of 1204	1564	cmd.exe	reg.exe
PID 632 wrote to memory of 792	632	cmd.exe	reg.exe
PID 632 wrote to memory of 792	632	cmd.exe	reg.exe
PID 632 wrote to memory of 792	632	cmd.exe	reg.exe
PID 632 wrote to memory of 792	632	cmd.exe	reg.exe

C:\Users\Admin\AppData\Local\Temp\41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe
"C:\Users\Admin\AppData\Local\Temp\41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1652

C:\Users\Admin\AppData\Local\Temp\tmp954.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp954.tmp.exe" /pq
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1764

C:\Users\Admin\AppData\Local\Temp\tmp954.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp954.tmp.exe" /px
3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:1648

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\\vbc.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:860

C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
3⤵
- Suspicious use of WriteProcessMemory
PID:660

C:\Windows\SysWOW64\reg.exe
REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
4⤵
- Modifies firewall policy service
- Modifies registry key
PID:580

C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /t REG_SZ /d "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger" /f
3⤵
- Suspicious use of WriteProcessMemory
PID:1564

C:\Windows\SysWOW64\reg.exe
REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /t REG_SZ /d "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger" /f
4⤵
- Modifies firewall policy service
- Modifies registry key
PID:1204

C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
3⤵
- Suspicious use of WriteProcessMemory
PID:1712

C:\Windows\SysWOW64\reg.exe
REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
4⤵
- Modifies firewall policy service
- Modifies registry key
PID:1508

C:\Windows\SysWOW64\cmd.exe
cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\URFNZWN8PN.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\URFNZWN8PN.exe:*:Enabled:Windows Messanger" /f
3⤵
- Suspicious use of WriteProcessMemory
PID:632

C:\Windows\SysWOW64\reg.exe
REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\URFNZWN8PN.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\URFNZWN8PN.exe:*:Enabled:Windows Messanger" /f
4⤵
- Modifies firewall policy service
- Modifies registry key
PID:792

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

1

T1064

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp954.tmp.exe

Filesize
296KB

MD5
3d7a5b83b6c8fdd5df34cbb0d23483de

SHA1
e774dc8e30008338844f096c6ade70e2c092052d

SHA256
41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f

SHA512
804a888abd4982913cc1c1e1585040fb6be47c1ca37b5be9eb6c52d6c419c038dfaf18f670e1fa942f2f316fac49e4e613beb39a4a54d21d6df7371bb5947182

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp954.tmp.exe

Filesize
296KB

MD5
3d7a5b83b6c8fdd5df34cbb0d23483de

SHA1
e774dc8e30008338844f096c6ade70e2c092052d

SHA256
41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f

SHA512
804a888abd4982913cc1c1e1585040fb6be47c1ca37b5be9eb6c52d6c419c038dfaf18f670e1fa942f2f316fac49e4e613beb39a4a54d21d6df7371bb5947182

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp954.tmp.exe

Filesize
296KB

MD5
3d7a5b83b6c8fdd5df34cbb0d23483de

SHA1
e774dc8e30008338844f096c6ade70e2c092052d

SHA256
41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f

SHA512
804a888abd4982913cc1c1e1585040fb6be47c1ca37b5be9eb6c52d6c419c038dfaf18f670e1fa942f2f316fac49e4e613beb39a4a54d21d6df7371bb5947182

Download Submit
\Users\Admin\AppData\Local\Temp\tmp954.tmp.exe

Filesize
296KB

MD5
3d7a5b83b6c8fdd5df34cbb0d23483de

SHA1
e774dc8e30008338844f096c6ade70e2c092052d

SHA256
41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f

SHA512
804a888abd4982913cc1c1e1585040fb6be47c1ca37b5be9eb6c52d6c419c038dfaf18f670e1fa942f2f316fac49e4e613beb39a4a54d21d6df7371bb5947182

Download Submit
\Users\Admin\AppData\Local\Temp\tmp954.tmp.exe

Filesize
296KB

MD5
3d7a5b83b6c8fdd5df34cbb0d23483de

SHA1
e774dc8e30008338844f096c6ade70e2c092052d

SHA256
41707206bb6ac790542519a9cad6a438c71e5b1e3eeef5f95f99f7cd19126d9f

SHA512
804a888abd4982913cc1c1e1585040fb6be47c1ca37b5be9eb6c52d6c419c038dfaf18f670e1fa942f2f316fac49e4e613beb39a4a54d21d6df7371bb5947182

Download Submit
memory/580-86-0x0000000000000000-mapping.dmp

Download
memory/632-85-0x0000000000000000-mapping.dmp

Download
memory/660-82-0x0000000000000000-mapping.dmp

Download
memory/792-89-0x0000000000000000-mapping.dmp

Download
memory/860-76-0x00000000004013D8-mapping.dmp

Download
memory/860-67-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/860-68-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/860-71-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/860-74-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1204-88-0x0000000000000000-mapping.dmp

Download
memory/1508-87-0x0000000000000000-mapping.dmp

Download
memory/1564-83-0x0000000000000000-mapping.dmp

Download
memory/1648-69-0x0000000074700000-0x0000000074CAB000-memory.dmp

Filesize
5.7MB

Download
memory/1648-63-0x0000000000000000-mapping.dmp

Download
memory/1652-54-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download
memory/1652-55-0x0000000074700000-0x0000000074CAB000-memory.dmp

Filesize
5.7MB

Download
memory/1652-90-0x0000000074700000-0x0000000074CAB000-memory.dmp

Filesize
5.7MB

Download
memory/1712-84-0x0000000000000000-mapping.dmp

Download
memory/1764-66-0x0000000074700000-0x0000000074CAB000-memory.dmp

Filesize
5.7MB

Download
memory/1764-62-0x0000000074700000-0x0000000074CAB000-memory.dmp

Filesize
5.7MB

Download
memory/1764-57-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads