d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981

General

Target

d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe
Size

460KB
MD5

ad1fbf4bd151e7d15210a1825d5f09e4
SHA1

32f5e56271ad25af3c1ef94df6cf3db010508d8d
SHA256

d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981
SHA512

9dca92e995069ab65a4455d861b86d53203ab166a001eaeaa5764fcc0dea4400326bb4efa491f46931868779d0459c635b332d97c5f7642d800d93901b4fe524
SSDEEP

6144:7sGoRJkv01CWcAQShgQeAqkQf9FUzt3VTVSEzVVp2oyGCCKNxOKsX9s5iXSyVG8/:pkUQVcA5f+fHqt3XSq1CbhsX9HhMnnu

Score

10^/10

evasion persistence spyware stealer trojan

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe

UAC bypass 3 TTPs 1 IoCs
evasion trojan

Bypass User Account Control
T1088

Disabling Security Tools
T1089

Modify Registry
T1112

Processes:

reg.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe
Executes dropped EXE 4 IoCs

Processes:

CCgwwIYo.exeDmEEAIsk.exeBewQksAI.exeBginfo64.exe

pid process

1316 CCgwwIYo.exe
1444 DmEEAIsk.exe
632 BewQksAI.exe
4532 Bginfo64.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

CCgwwIYo.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	CCgwwIYo.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exeCCgwwIYo.exeDmEEAIsk.exeBewQksAI.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CCgwwIYo.exe = "C:\\Users\\Admin\\qKcIEUkw\\CCgwwIYo.exe"	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DmEEAIsk.exe = "C:\\ProgramData\\IqUkooEw\\DmEEAIsk.exe"	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CCgwwIYo.exe = "C:\\Users\\Admin\\qKcIEUkw\\CCgwwIYo.exe"	CCgwwIYo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DmEEAIsk.exe = "C:\\ProgramData\\IqUkooEw\\DmEEAIsk.exe"	DmEEAIsk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DmEEAIsk.exe = "C:\\ProgramData\\IqUkooEw\\DmEEAIsk.exe"	BewQksAI.exe

Drops file in System32 directory 4 IoCs

Processes:

BewQksAI.exeCCgwwIYo.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\qKcIEUkw	BewQksAI.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\qKcIEUkw\CCgwwIYo	BewQksAI.exe
File created	C:\Windows\SysWOW64\shell32.dll.exe	CCgwwIYo.exe
File opened for modification	C:\Windows\SysWOW64\sheNewRegister.exe	CCgwwIYo.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Modifies registry key 1 TTPs 3 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exereg.exe

pid process

4700 reg.exe
4140 reg.exe
3008 reg.exe

pid	process
4700	reg.exe
4140	reg.exe
3008	reg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exeCCgwwIYo.exe

pid	process
1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe
1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe
1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe
1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

CCgwwIYo.exe

pid process

1316 CCgwwIYo.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

CCgwwIYo.exe

pid	process
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe
1316	CCgwwIYo.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.execmd.exe

description	pid	process	target process
PID 1292 wrote to memory of 1316	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	CCgwwIYo.exe
PID 1292 wrote to memory of 1316	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	CCgwwIYo.exe
PID 1292 wrote to memory of 1316	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	CCgwwIYo.exe
PID 1292 wrote to memory of 1444	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	DmEEAIsk.exe
PID 1292 wrote to memory of 1444	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	DmEEAIsk.exe
PID 1292 wrote to memory of 1444	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	DmEEAIsk.exe
PID 1292 wrote to memory of 2808	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	cmd.exe
PID 1292 wrote to memory of 2808	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	cmd.exe
PID 1292 wrote to memory of 2808	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	cmd.exe
PID 2808 wrote to memory of 4532	2808	cmd.exe	Bginfo64.exe
PID 2808 wrote to memory of 4532	2808	cmd.exe	Bginfo64.exe
PID 1292 wrote to memory of 4700	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	reg.exe
PID 1292 wrote to memory of 4700	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	reg.exe
PID 1292 wrote to memory of 4700	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	reg.exe
PID 1292 wrote to memory of 4140	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	reg.exe
PID 1292 wrote to memory of 4140	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	reg.exe
PID 1292 wrote to memory of 4140	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	reg.exe
PID 1292 wrote to memory of 3008	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	reg.exe
PID 1292 wrote to memory of 3008	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	reg.exe
PID 1292 wrote to memory of 3008	1292	d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe	reg.exe

C:\Users\Admin\AppData\Local\Temp\d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe
"C:\Users\Admin\AppData\Local\Temp\d5c9cce6e1cac73a2f39d20105dccd3808d3bb98a9da304a20cf6cb30052b981.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1292

C:\Users\Admin\qKcIEUkw\CCgwwIYo.exe
"C:\Users\Admin\qKcIEUkw\CCgwwIYo.exe"
2⤵
- Executes dropped EXE
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1316

C:\ProgramData\IqUkooEw\DmEEAIsk.exe
"C:\ProgramData\IqUkooEw\DmEEAIsk.exe"
2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1444

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\Bginfo64.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:2808

C:\Users\Admin\AppData\Local\Temp\Bginfo64.exe
C:\Users\Admin\AppData\Local\Temp\Bginfo64.exe
3⤵
- Executes dropped EXE
PID:4532

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
2⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:4700

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
2⤵
- Modifies registry key
PID:4140

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
2⤵
- UAC bypass
- Modifies registry key
PID:3008

C:\ProgramData\bwksgMYI\BewQksAI.exe
C:\ProgramData\bwksgMYI\BewQksAI.exe
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:632

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1

T1158

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Bypass User Account Control

1

T1088

Defense Evasion

Hidden Files and Directories

1

T1158

Modify Registry

4

T1112

Bypass User Account Control

1

T1088

Disabling Security Tools

1

T1089

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\IqUkooEw\DmEEAIsk.exe
Filesize
431KB

MD5
ea0b40caa7e156c4e0593f6d7f4f7aab

SHA1
0f2b72f8daf5d1bbae014200388f153c0f1c3a27

SHA256
6202fb4cbd2b15030bc26091502708379f1601fbc86e5377e4bbdd8efe0c0288

SHA512
4d6610e1e0ca01df9f91fafe898b9fa41fc8e3c1d5859116f212dd094f7ff0cb5862e76072a92e609b8437587253049136a903bf344d2aaf6cac54369d832bab

Download Submit
C:\ProgramData\IqUkooEw\DmEEAIsk.exe
Filesize
431KB

MD5
ea0b40caa7e156c4e0593f6d7f4f7aab

SHA1
0f2b72f8daf5d1bbae014200388f153c0f1c3a27

SHA256
6202fb4cbd2b15030bc26091502708379f1601fbc86e5377e4bbdd8efe0c0288

SHA512
4d6610e1e0ca01df9f91fafe898b9fa41fc8e3c1d5859116f212dd094f7ff0cb5862e76072a92e609b8437587253049136a903bf344d2aaf6cac54369d832bab

Download Submit
C:\ProgramData\bwksgMYI\BewQksAI.exe
Filesize
433KB

MD5
c3af078891202785ad24df1ff4643074

SHA1
b920a467c6fae8bd0138df57d2174b69ce1457e2

SHA256
6e2359c866f4791ac5972f048c9a400f8b4f8d012e9126c350d4a730669540e9

SHA512
38e2b37a51ce300bb34cdde60d19d953b1df5aa1db2f416dbc3d743597bb3b8144b753d9d81d06e21bdcdef289636044cd1c3ca6d32770a8a6611e81ddf2d3a6

Download Submit
C:\ProgramData\bwksgMYI\BewQksAI.exe
Filesize
433KB

MD5
c3af078891202785ad24df1ff4643074

SHA1
b920a467c6fae8bd0138df57d2174b69ce1457e2

SHA256
6e2359c866f4791ac5972f048c9a400f8b4f8d012e9126c350d4a730669540e9

SHA512
38e2b37a51ce300bb34cdde60d19d953b1df5aa1db2f416dbc3d743597bb3b8144b753d9d81d06e21bdcdef289636044cd1c3ca6d32770a8a6611e81ddf2d3a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bginfo64.exe
Filesize
24KB

MD5
c6b3c81dff28dce882ba4f9f1d428423

SHA1
2d31bae0b83b12511a49a81938fd350e5c687331

SHA256
9e09478d6a518fd99520c36cadf415d34c52efc444dfc8bb8edbf92af66ca788

SHA512
fa19706c17659976402380ee2852470092272300366d677d6ddf66713627e5619ef32614f35f75f02475c99777da1e691a3c538b01bcd329177fa251b0f838a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bginfo64.exe
Filesize
24KB

MD5
c6b3c81dff28dce882ba4f9f1d428423

SHA1
2d31bae0b83b12511a49a81938fd350e5c687331

SHA256
9e09478d6a518fd99520c36cadf415d34c52efc444dfc8bb8edbf92af66ca788

SHA512
fa19706c17659976402380ee2852470092272300366d677d6ddf66713627e5619ef32614f35f75f02475c99777da1e691a3c538b01bcd329177fa251b0f838a6

Download Submit
C:\Users\Admin\qKcIEUkw\CCgwwIYo.exe
Filesize
433KB

MD5
4bc61f59268cc8b7a5f932f2e44b7480

SHA1
36762095d70e570587ed2818f57020029565afe2

SHA256
2ac6e3f0bdb37a344437227fbcce593227fe44aa761d83aa58e169591cdb500c

SHA512
c66f53569228bef60cde5d5e4637099dd23465b7549ac64879f127335fb6896b6e985911291581783a6cae4d705392e35b99161de78cb5fc6d938b4c2d1b2184

Download Submit
C:\Users\Admin\qKcIEUkw\CCgwwIYo.exe
Filesize
433KB

MD5
4bc61f59268cc8b7a5f932f2e44b7480

SHA1
36762095d70e570587ed2818f57020029565afe2

SHA256
2ac6e3f0bdb37a344437227fbcce593227fe44aa761d83aa58e169591cdb500c

SHA512
c66f53569228bef60cde5d5e4637099dd23465b7549ac64879f127335fb6896b6e985911291581783a6cae4d705392e35b99161de78cb5fc6d938b4c2d1b2184

Download Submit
memory/632-143-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/632-156-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/1292-132-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1292-153-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1316-141-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/1316-133-0x0000000000000000-mapping.dmp

Download
memory/1316-154-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/1444-142-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/1444-136-0x0000000000000000-mapping.dmp

Download
memory/1444-155-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/2808-144-0x0000000000000000-mapping.dmp

Download
memory/3008-150-0x0000000000000000-mapping.dmp

Download
memory/4140-149-0x0000000000000000-mapping.dmp

Download
memory/4532-151-0x0000000000800000-0x000000000080C000-memory.dmp

Filesize
48KB

Download
memory/4532-152-0x00007FF970940000-0x00007FF971401000-memory.dmp

Filesize
10.8MB

Download
memory/4532-145-0x0000000000000000-mapping.dmp

Download
memory/4700-148-0x0000000000000000-mapping.dmp

Download

pid	process
1316	CCgwwIYo.exe
1444	DmEEAIsk.exe
632	BewQksAI.exe
4532	Bginfo64.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads