mystic | 04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07/10/2023, 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa_JC.exe
Size

1.2MB
MD5

7b68089b89d04dd24d22a1332d87cf08
SHA1

66d956dadfe8dc098330dc3ec94a6a625c6a0462
SHA256

04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa
SHA512

0c1e561ae6e3c4111379c19618bc871c9c12b27ea5d2ae50396682e433e8369a97577e1b5f5ee3816fd2f4dfe2d8f749261a19c4cc20d0c517edfb282b45b592
SSDEEP

24576:dyXzrx5oWmhku7V5d2FZ9+p3tthEEovRH3OIspEK:4XJ5oJhR0Ff+t3EEopeIw

Score

10^/10

mystic redline gigant infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

gigant

77.91.124.55:19071

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral2/memory/64-35-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral2/memory/64-37-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral2/memory/64-36-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral2/memory/64-39-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic

Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 3 IoCs

resource	yara_rule
behavioral2/files/0x000700000002325d-41.dat	family_redline
behavioral2/files/0x000700000002325d-42.dat	family_redline
behavioral2/memory/3824-43-0x0000000000550000-0x000000000058E000-memory.dmp	family_redline

Executes dropped EXE 6 IoCs

pid	Process
4148	Gp6VD5cp.exe
4864	Di7kU6hV.exe
4712	Qx0JO7Ga.exe
2020	OD7gs6lm.exe
4192	1Ou44cU8.exe
3824	2cX813nF.exe

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	Gp6VD5cp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	Di7kU6hV.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	Qx0JO7Ga.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\""	OD7gs6lm.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	NEAS.04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa_JC.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4192 set thread context of 64	4192	1Ou44cU8.exe	92

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3988	64	WerFault.exe	92
4512	4192	WerFault.exe	90

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4628	svchost.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 4148	1040	NEAS.04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa_JC.exe	86
PID 1040 wrote to memory of 4148	1040	NEAS.04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa_JC.exe	86
PID 1040 wrote to memory of 4148	1040	NEAS.04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa_JC.exe	86
PID 4148 wrote to memory of 4864	4148	Gp6VD5cp.exe	87
PID 4148 wrote to memory of 4864	4148	Gp6VD5cp.exe	87
PID 4148 wrote to memory of 4864	4148	Gp6VD5cp.exe	87
PID 4864 wrote to memory of 4712	4864	Di7kU6hV.exe	88
PID 4864 wrote to memory of 4712	4864	Di7kU6hV.exe	88
PID 4864 wrote to memory of 4712	4864	Di7kU6hV.exe	88
PID 4712 wrote to memory of 2020	4712	Qx0JO7Ga.exe	89
PID 4712 wrote to memory of 2020	4712	Qx0JO7Ga.exe	89
PID 4712 wrote to memory of 2020	4712	Qx0JO7Ga.exe	89
PID 2020 wrote to memory of 4192	2020	OD7gs6lm.exe	90
PID 2020 wrote to memory of 4192	2020	OD7gs6lm.exe	90
PID 2020 wrote to memory of 4192	2020	OD7gs6lm.exe	90
PID 4192 wrote to memory of 64	4192	1Ou44cU8.exe	92
PID 4192 wrote to memory of 64	4192	1Ou44cU8.exe	92
PID 4192 wrote to memory of 64	4192	1Ou44cU8.exe	92
PID 4192 wrote to memory of 64	4192	1Ou44cU8.exe	92
PID 4192 wrote to memory of 64	4192	1Ou44cU8.exe	92
PID 4192 wrote to memory of 64	4192	1Ou44cU8.exe	92
PID 4192 wrote to memory of 64	4192	1Ou44cU8.exe	92
PID 4192 wrote to memory of 64	4192	1Ou44cU8.exe	92
PID 4192 wrote to memory of 64	4192	1Ou44cU8.exe	92
PID 4192 wrote to memory of 64	4192	1Ou44cU8.exe	92
PID 2020 wrote to memory of 3824	2020	OD7gs6lm.exe	98
PID 2020 wrote to memory of 3824	2020	OD7gs6lm.exe	98
PID 2020 wrote to memory of 3824	2020	OD7gs6lm.exe	98

C:\Users\Admin\AppData\Local\Temp\NEAS.04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa_JC.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gp6VD5cp.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gp6VD5cp.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4148
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Di7kU6hV.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Di7kU6hV.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Qx0JO7Ga.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Qx0JO7Ga.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\OD7gs6lm.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\OD7gs6lm.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1Ou44cU8.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1Ou44cU8.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4192
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        7⤵
        
        PID:64
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 540
        8⤵
        Program crash
        
        PID:3988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 156
        7⤵
        Program crash
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2cX813nF.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2cX813nF.exe
        6⤵
        Executes dropped EXE
        
        PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 64 -ip 64
1⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4192 -ip 4192
1⤵
PID:4528

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3848

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gp6VD5cp.exe

Filesize
1.0MB

MD5
350a9aefb013b853f73d99cedd610549

SHA1
9b31e2f5ecd0d35f40ee4ef9b178065d015183b6

SHA256
0708a0d94f95345b0f7971438db685a48b2fe9f61f2776bca56d20e6415ef320

SHA512
58727bf11ace8b19aa4bb3064ef124fb7f240ec5e5083dc7ee7ab28d199f1003d7b90fd4c0cdcf8f11bf63b9cf2dd742881a109071f2c95fd72b16f49e7e14d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Gp6VD5cp.exe

Filesize
1.0MB

MD5
350a9aefb013b853f73d99cedd610549

SHA1
9b31e2f5ecd0d35f40ee4ef9b178065d015183b6

SHA256
0708a0d94f95345b0f7971438db685a48b2fe9f61f2776bca56d20e6415ef320

SHA512
58727bf11ace8b19aa4bb3064ef124fb7f240ec5e5083dc7ee7ab28d199f1003d7b90fd4c0cdcf8f11bf63b9cf2dd742881a109071f2c95fd72b16f49e7e14d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Di7kU6hV.exe

Filesize
884KB

MD5
faf29c5bfb1c743cfb4533d937cb948e

SHA1
0c6cbc17f12f05ed0901b26acbfd2c602d407259

SHA256
8b23865c9d2ef9bb55779b50828a932163c41986847859fbf7a7aa7036a2b66a

SHA512
99ea67c12671e2cd2185f6dc360fee776b0f5e3e984b4130889ba563d1e0293159451de135508cdd6ef5dff86f2f7290a208ac7dfd169d760192339fa94fe1f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Di7kU6hV.exe

Filesize
884KB

MD5
faf29c5bfb1c743cfb4533d937cb948e

SHA1
0c6cbc17f12f05ed0901b26acbfd2c602d407259

SHA256
8b23865c9d2ef9bb55779b50828a932163c41986847859fbf7a7aa7036a2b66a

SHA512
99ea67c12671e2cd2185f6dc360fee776b0f5e3e984b4130889ba563d1e0293159451de135508cdd6ef5dff86f2f7290a208ac7dfd169d760192339fa94fe1f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Qx0JO7Ga.exe

Filesize
590KB

MD5
0967c4ca01d4cba8a138452daad2a4b7

SHA1
6a9f5a8af4f8fbf4804001cd2eb47b4f27cbe9d2

SHA256
b030de41361a5885ed02752bf9b2d11da1af3e778bbcc46a4c6f74976facf89b

SHA512
c00a6d9e096ee77ffb4835ad16e1b517ebffad4282db226ed9f0c43f67d8950dd32b54310e0a66aebca1f091e017a885bc0664180673a3fafcc344c5d406f6e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Qx0JO7Ga.exe

Filesize
590KB

MD5
0967c4ca01d4cba8a138452daad2a4b7

SHA1
6a9f5a8af4f8fbf4804001cd2eb47b4f27cbe9d2

SHA256
b030de41361a5885ed02752bf9b2d11da1af3e778bbcc46a4c6f74976facf89b

SHA512
c00a6d9e096ee77ffb4835ad16e1b517ebffad4282db226ed9f0c43f67d8950dd32b54310e0a66aebca1f091e017a885bc0664180673a3fafcc344c5d406f6e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\OD7gs6lm.exe

Filesize
417KB

MD5
3445d676db6b3d9d4928cbfdee5ce3be

SHA1
fa37bee8ae0d2beeb22d5722648fd296df0decaa

SHA256
90cc0eb1b01bca5b36373198fd7c25b5760042a69030929d29fbf03db7eaf894

SHA512
a1d0d850f3b2145e3c3c7eb9112bea017e0c760591bb0c192b2437fca3513e5aa046d85360a006704b6ebc43981a03a4ee642172780a00f8dc31f562f1bfdf24

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\OD7gs6lm.exe

Filesize
417KB

MD5
3445d676db6b3d9d4928cbfdee5ce3be

SHA1
fa37bee8ae0d2beeb22d5722648fd296df0decaa

SHA256
90cc0eb1b01bca5b36373198fd7c25b5760042a69030929d29fbf03db7eaf894

SHA512
a1d0d850f3b2145e3c3c7eb9112bea017e0c760591bb0c192b2437fca3513e5aa046d85360a006704b6ebc43981a03a4ee642172780a00f8dc31f562f1bfdf24

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1Ou44cU8.exe

Filesize
378KB

MD5
f0831f173733de08511f3a0739f278a6

SHA1
06dc809d653c5d2c97386084ae13b50a73eb5b60

SHA256
8b00f9dce8ceb2123fba3bc9f88419960d1e661b6287eafeba4f0a2ee4be3d27

SHA512
19e3176ce1f154758f685cc4582e93587aa534a251de315473e35758dcd6ff6315880be7602097308dc89c355742be4729bad81de597e8d430a8e868082314e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1Ou44cU8.exe

Filesize
378KB

MD5
f0831f173733de08511f3a0739f278a6

SHA1
06dc809d653c5d2c97386084ae13b50a73eb5b60

SHA256
8b00f9dce8ceb2123fba3bc9f88419960d1e661b6287eafeba4f0a2ee4be3d27

SHA512
19e3176ce1f154758f685cc4582e93587aa534a251de315473e35758dcd6ff6315880be7602097308dc89c355742be4729bad81de597e8d430a8e868082314e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2cX813nF.exe

Filesize
231KB

MD5
d0165cebe4443ac7f5d2b8c85f89f3bd

SHA1
5caa5137538f3363cf02188bf59066ca351f5f1b

SHA256
22b8bf3184007ff96e992a4b2aa7892b2463c49c9ebea52a21e8a3b774f9014a

SHA512
75cbae061efb3a1acbbdf6f5becd9e96e57dd06fec84e22cde1bb735569160935f388899c4f7d0ef39e7cacacb5606f1e691b470823fc24dd5836fc0db0e4343

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2cX813nF.exe

Filesize
231KB

MD5
d0165cebe4443ac7f5d2b8c85f89f3bd

SHA1
5caa5137538f3363cf02188bf59066ca351f5f1b

SHA256
22b8bf3184007ff96e992a4b2aa7892b2463c49c9ebea52a21e8a3b774f9014a

SHA512
75cbae061efb3a1acbbdf6f5becd9e96e57dd06fec84e22cde1bb735569160935f388899c4f7d0ef39e7cacacb5606f1e691b470823fc24dd5836fc0db0e4343

Download Submit
memory/64-35-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/64-37-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/64-36-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/64-39-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3824-53-0x00000000078E0000-0x000000000792C000-memory.dmp

Filesize
304KB

Download
memory/3824-43-0x0000000000550000-0x000000000058E000-memory.dmp

Filesize
248KB

Download
memory/3824-45-0x0000000007960000-0x0000000007F04000-memory.dmp

Filesize
5.6MB

Download
memory/3824-46-0x0000000007450000-0x00000000074E2000-memory.dmp

Filesize
584KB

Download
memory/3824-47-0x00000000076B0000-0x00000000076C0000-memory.dmp

Filesize
64KB

Download
memory/3824-48-0x0000000007600000-0x000000000760A000-memory.dmp

Filesize
40KB

Download
memory/3824-49-0x0000000008530000-0x0000000008B48000-memory.dmp

Filesize
6.1MB

Download
memory/3824-50-0x00000000077D0000-0x00000000078DA000-memory.dmp

Filesize
1.0MB

Download
memory/3824-51-0x00000000076F0000-0x0000000007702000-memory.dmp

Filesize
72KB

Download
memory/3824-52-0x0000000007750000-0x000000000778C000-memory.dmp

Filesize
240KB

Download
memory/3824-44-0x00000000749E0000-0x0000000075190000-memory.dmp

Filesize
7.7MB

Download
memory/3824-54-0x00000000749E0000-0x0000000075190000-memory.dmp

Filesize
7.7MB

Download
memory/3824-55-0x00000000076B0000-0x00000000076C0000-memory.dmp

Filesize
64KB

Download
memory/4628-92-0x000001BC9A470000-0x000001BC9A471000-memory.dmp

Filesize
4KB

Download
memory/4628-97-0x000001BC9A470000-0x000001BC9A471000-memory.dmp

Filesize
4KB

Download
memory/4628-88-0x000001BC9A440000-0x000001BC9A441000-memory.dmp

Filesize
4KB

Download
memory/4628-89-0x000001BC9A470000-0x000001BC9A471000-memory.dmp

Filesize
4KB

Download
memory/4628-90-0x000001BC9A470000-0x000001BC9A471000-memory.dmp

Filesize
4KB

Download
memory/4628-91-0x000001BC9A470000-0x000001BC9A471000-memory.dmp

Filesize
4KB

Download
memory/4628-56-0x000001BC91D50000-0x000001BC91D60000-memory.dmp

Filesize
64KB

Download
memory/4628-93-0x000001BC9A470000-0x000001BC9A471000-memory.dmp

Filesize
4KB

Download
memory/4628-94-0x000001BC9A470000-0x000001BC9A471000-memory.dmp

Filesize
4KB

Download
memory/4628-95-0x000001BC9A470000-0x000001BC9A471000-memory.dmp

Filesize
4KB

Download
memory/4628-96-0x000001BC9A470000-0x000001BC9A471000-memory.dmp

Filesize
4KB

Download
memory/4628-72-0x000001BC91E50000-0x000001BC91E60000-memory.dmp

Filesize
64KB

Download
memory/4628-98-0x000001BC9A470000-0x000001BC9A471000-memory.dmp

Filesize
4KB

Download
memory/4628-99-0x000001BC9A090000-0x000001BC9A091000-memory.dmp

Filesize
4KB

Download
memory/4628-100-0x000001BC9A080000-0x000001BC9A081000-memory.dmp

Filesize
4KB

Download
memory/4628-102-0x000001BC9A090000-0x000001BC9A091000-memory.dmp

Filesize
4KB

Download
memory/4628-105-0x000001BC9A080000-0x000001BC9A081000-memory.dmp

Filesize
4KB

Download
memory/4628-108-0x000001BC99FC0000-0x000001BC99FC1000-memory.dmp

Filesize
4KB

Download
memory/4628-120-0x000001BC9A1C0000-0x000001BC9A1C1000-memory.dmp

Filesize
4KB

Download
memory/4628-122-0x000001BC9A1D0000-0x000001BC9A1D1000-memory.dmp

Filesize
4KB

Download
memory/4628-123-0x000001BC9A1D0000-0x000001BC9A1D1000-memory.dmp

Filesize
4KB

Download
memory/4628-124-0x000001BC9A2E0000-0x000001BC9A2E1000-memory.dmp

Filesize
4KB

Download
memory/4628-125-0x000001BC9A1E0000-0x000001BC9A1E1000-memory.dmp

Filesize
4KB

Download
memory/4628-126-0x000001BC9A1D0000-0x000001BC9A1D1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads