xorddos | ffe9f7c5d8645d51226f325ba7e6dc5513215fd4ede071509c03d8797a04c74d

Analysis

max time kernel
151s
max time network
154s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231026-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231026-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
28/10/2023, 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf
Size

611KB
MD5

ff1a3683a5ad87f88858e92fbcf1ae57
SHA1

ce220486f7d4723406582f8496e8483bcc546beb
SHA256

d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154
SHA512

9039533b03c9cbd3a31d1f232080a7c6296a74e36cad46f31678478451b521d0c19cc5cc25cf88bccc7c4ed006c2f99470595cdd34cf3814ee4509bb80d5eebd
SSDEEP

12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91h

Score

10^/10

xorddos antivm botnet downloader persistence

Malware Config

Extracted

Family

xorddos

http://www1.gggatat456.com/dd.rar

ppp.gggatat456.com:1525

ppp.xxxatat456.com:1525

p5.dddgata789.com:1525

p5.lpjulidny7.com:1525

Attributes

crc_polynomial
EDB88320

xor.plain

Signatures

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 16 IoCs

resource	yara_rule
behavioral1/files/fstream-5.dat	family_xorddos
behavioral1/files/fstream-7.dat	family_xorddos
behavioral1/files/fstream-8.dat	family_xorddos
behavioral1/files/fstream-9.dat	family_xorddos
behavioral1/files/fstream-10.dat	family_xorddos
behavioral1/files/fstream-11.dat	family_xorddos
behavioral1/files/fstream-12.dat	family_xorddos
behavioral1/files/fstream-13.dat	family_xorddos
behavioral1/files/fstream-14.dat	family_xorddos
behavioral1/files/fstream-15.dat	family_xorddos
behavioral1/files/fstream-16.dat	family_xorddos
behavioral1/files/fstream-17.dat	family_xorddos
behavioral1/files/fstream-18.dat	family_xorddos
behavioral1/files/fstream-19.dat	family_xorddos
behavioral1/files/fstream-20.dat	family_xorddos
behavioral1/files/fstream-21.dat	family_xorddos

Deletes itself 4 IoCs

pid
1635
1637
1640
1631

Executes dropped EXE 24 IoCs

ioc	pid	Process
/usr/bin/pnuvlnealg	1549	pnuvlnealg
/usr/bin/pnuvlnealg	1571	pnuvlnealg
/usr/bin/pnuvlnealg	1575	pnuvlnealg
/usr/bin/pnuvlnealg	1577	pnuvlnealg
/usr/bin/pnuvlnealg	1581	pnuvlnealg
/usr/bin/huzasrgnfl	1584	huzasrgnfl
/usr/bin/huzasrgnfl	1586	huzasrgnfl
/usr/bin/huzasrgnfl	1590	huzasrgnfl
/usr/bin/huzasrgnfl	1593	huzasrgnfl
/usr/bin/huzasrgnfl	1596	huzasrgnfl
/usr/bin/qslbtypgax	1599	qslbtypgax
/usr/bin/qslbtypgax	1602	qslbtypgax
/usr/bin/qslbtypgax	1604	qslbtypgax
/usr/bin/qslbtypgax	1608	qslbtypgax
/usr/bin/qslbtypgax	1610	qslbtypgax
/usr/bin/rlaagjekls	1614	rlaagjekls
/usr/bin/rlaagjekls	1616	rlaagjekls
/usr/bin/rlaagjekls	1620	rlaagjekls
/usr/bin/rlaagjekls	1623	rlaagjekls
/usr/bin/rlaagjekls	1626	rlaagjekls
/usr/bin/ldmrezetgo	1629	ldmrezetgo
/usr/bin/ldmrezetgo	1632	ldmrezetgo
/usr/bin/ldmrezetgo	1634	ldmrezetgo
/usr/bin/ldmrezetgo	1638	ldmrezetgo

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc
File opened for reading	/proc/cpuinfo

Creates/modifies Cron job 1 TTPs 2 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

persistence

Scheduled Task/Job

T1053

description	ioc	Process
File opened for modification	/etc/cron.hourly/gcc.sh	Process not Found
File opened for modification	/etc/crontab	sh

Modifies init.d 1 TTPs 1 IoCs

Adds/modifies system service, likely for persistence.

persistence

Boot or Logon Autostart Execution

T1547

description	ioc
File opened for modification	/etc/init.d/d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf

Write file to user bin folder 1 TTPs 5 IoCs

Hijack Execution Flow

T1574

description	ioc
File opened for modification	/usr/bin/qslbtypgax
File opened for modification	/usr/bin/rlaagjekls
File opened for modification	/usr/bin/ldmrezetgo
File opened for modification	/usr/bin/pnuvlnealg
File opened for modification	/usr/bin/huzasrgnfl

Reads runtime system information 10 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/stat	Process not Found
File opened for reading	/proc/sys/kernel/osrelease	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/1/sched	systemctl
File opened for reading	/proc/meminfo	Process not Found
File opened for reading	/proc/rs_dev	Process not Found
File opened for reading	/proc/filesystems	sed

/tmp/d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf
/tmp/d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf
1⤵
PID:1532

/bin/sh
sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
1⤵
- Creates/modifies Cron job
PID:1538
- /bin/sed
  sed -i "/\\/etc\\/cron.hourly\\/gcc.sh/d" /etc/crontab
  2⤵
  - Reads runtime system information
  PID:1539

/bin/chkconfig
chkconfig --add d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf
1⤵
PID:1535

/sbin/chkconfig
chkconfig --add d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf
1⤵
PID:1535

/usr/bin/chkconfig
chkconfig --add d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf
1⤵
PID:1535

/usr/sbin/chkconfig
chkconfig --add d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf
1⤵
PID:1535

/usr/local/bin/chkconfig
chkconfig --add d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf
1⤵
PID:1535

/usr/local/sbin/chkconfig
chkconfig --add d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf
1⤵
PID:1535

/usr/X11R6/bin/chkconfig
chkconfig --add d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf
1⤵
PID:1535

/bin/update-rc.d
update-rc.d d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf defaults
1⤵
PID:1537

/sbin/update-rc.d
update-rc.d d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf defaults
1⤵
PID:1537

/usr/bin/update-rc.d
update-rc.d d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf defaults
1⤵
PID:1537

/usr/sbin/update-rc.d
update-rc.d d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf defaults
1⤵
PID:1537
- /bin/systemctl
  systemctl daemon-reload
  2⤵
  - Reads runtime system information
  PID:1543

/usr/bin/pnuvlnealg
/usr/bin/pnuvlnealg "sleep 1" 1533
1⤵
- Executes dropped EXE
PID:1549

/usr/bin/pnuvlnealg
/usr/bin/pnuvlnealg "route -n" 1533
1⤵
- Executes dropped EXE
PID:1571

/usr/bin/pnuvlnealg
/usr/bin/pnuvlnealg top 1533
1⤵
- Executes dropped EXE
PID:1575

/usr/bin/pnuvlnealg
/usr/bin/pnuvlnealg "ls -la" 1533
1⤵
- Executes dropped EXE
PID:1577

/usr/bin/pnuvlnealg
/usr/bin/pnuvlnealg su 1533
1⤵
- Executes dropped EXE
PID:1581

/usr/bin/huzasrgnfl
/usr/bin/huzasrgnfl "netstat -an" 1533
1⤵
- Executes dropped EXE
PID:1584

/usr/bin/huzasrgnfl
/usr/bin/huzasrgnfl "sleep 1" 1533
1⤵
- Executes dropped EXE
PID:1586

/usr/bin/huzasrgnfl
/usr/bin/huzasrgnfl "cd /etc" 1533
1⤵
- Executes dropped EXE
PID:1590

/usr/bin/huzasrgnfl
/usr/bin/huzasrgnfl "route -n" 1533
1⤵
- Executes dropped EXE
PID:1593

/usr/bin/huzasrgnfl
/usr/bin/huzasrgnfl "ps -ef" 1533
1⤵
- Executes dropped EXE
PID:1596

/usr/bin/qslbtypgax
/usr/bin/qslbtypgax su 1533
1⤵
- Executes dropped EXE
PID:1599

/usr/bin/qslbtypgax
/usr/bin/qslbtypgax "grep \"A\"" 1533
1⤵
- Executes dropped EXE
PID:1602

/usr/bin/qslbtypgax
/usr/bin/qslbtypgax "netstat -antop" 1533
1⤵
- Executes dropped EXE
PID:1604

/usr/bin/qslbtypgax
/usr/bin/qslbtypgax "cd /etc" 1533
1⤵
- Executes dropped EXE
PID:1608

/usr/bin/qslbtypgax
/usr/bin/qslbtypgax "route -n" 1533
1⤵
- Executes dropped EXE
PID:1610

/usr/bin/rlaagjekls
/usr/bin/rlaagjekls sh 1533
1⤵
- Executes dropped EXE
PID:1614

/usr/bin/rlaagjekls
/usr/bin/rlaagjekls bash 1533
1⤵
- Executes dropped EXE
PID:1616

/usr/bin/rlaagjekls
/usr/bin/rlaagjekls gnome-terminal 1533
1⤵
- Executes dropped EXE
PID:1620

/usr/bin/rlaagjekls
/usr/bin/rlaagjekls ls 1533
1⤵
- Executes dropped EXE
PID:1623

/usr/bin/rlaagjekls
/usr/bin/rlaagjekls su 1533
1⤵
- Executes dropped EXE
PID:1626

/usr/bin/ldmrezetgo
/usr/bin/ldmrezetgo sh 1533
1⤵
- Executes dropped EXE
PID:1629

/usr/bin/ldmrezetgo
/usr/bin/ldmrezetgo id 1533
1⤵
- Executes dropped EXE
PID:1632

/usr/bin/ldmrezetgo
/usr/bin/ldmrezetgo "cat resolv.conf" 1533
1⤵
- Executes dropped EXE
PID:1634

/usr/bin/ldmrezetgo
/usr/bin/ldmrezetgo "ls -la" 1533
1⤵
- Executes dropped EXE
PID:1638

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Defense Evasion

Hijack Execution Flow

T1574

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/cron.hourly/gcc.sh

Filesize
228B

MD5
3bab747cedc5f0ebe86aaa7f982470cd

SHA1
3c7d1c6931c2b3dae39d38346b780ea57c8e6142

SHA256
74d31cac40d98ee64df2a0c29ceb229d12ac5fa699c2ee512fc69360f0cf68c5

SHA512
21e8a6d9ca8531d37def83d8903e5b0fa11ecf33d85d05edab1e0feb4acac65ae2cf5222650fb9f533f459ccc51bb2903276ff6f827b847cc5e6dac7d45a0a42

Download Submit
/etc/init.d/d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154.elf

Filesize
605B

MD5
68d9b8e24b793dce56b03410a67bb067

SHA1
062ad1fa36977bc42a2c56283f5e69b69945142c

SHA256
c1b7bd7ad638d30c9678d6d566a598169191325fa8864420d1a4d059ecdc0797

SHA512
29e2fc329040c522400ac3981d9bff3d1115ebf09ffde1067234572d2b803cd39d32c9cca7ec767ded28eea7eee7254b227089506173e1b2ef46df08ff796a0a

Download Submit
/etc/sed8xdIXU

Filesize
722B

MD5
8f111d100ea459f68d333d63a8ef2205

SHA1
077ca9c46a964de67c0f7765745d5c6f9e2065c3

SHA256
0e5c204385b21e15b031c83f37212bf5a4ee77b51762b7b54bd6ad973ebdf354

SHA512
d81767b47fb84aaf435f930356ded574ee9825ec710a2e7c26074860d8a385741d65572740137b6f9686c285a32e2951ca933393b266746988f1737aad059adb

Download Submit
/lib/libudev.so

Filesize
611KB

MD5
ff1a3683a5ad87f88858e92fbcf1ae57

SHA1
ce220486f7d4723406582f8496e8483bcc546beb

SHA256
d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154

SHA512
9039533b03c9cbd3a31d1f232080a7c6296a74e36cad46f31678478451b521d0c19cc5cc25cf88bccc7c4ed006c2f99470595cdd34cf3814ee4509bb80d5eebd

Download Submit
/run/gcc.pid

Filesize
32B

MD5
a0536bcffba6335a72186b2d37228424

SHA1
da148b45390c8a2a2f89e58b570e3ac17695ddbc

SHA256
e1cff53266b8711a00ec93086b5b9583747e27647c7933e185226402b0d1deab

SHA512
a5f007ee03359b7f17a57ad8e9a6d6eb02a6ccb7aa87ba7c7ef5bf833d4b68caae8bce46c7ee8a20996aeab52bb7b594bbf64e35e6f01a2701bc9a704e9dad1e

Download Submit
/usr/bin/huzasrgnfl

Filesize
611KB

MD5
ff1a3683a5ad87f88858e92fbcf1ae57

SHA1
ce220486f7d4723406582f8496e8483bcc546beb

SHA256
d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154

SHA512
9039533b03c9cbd3a31d1f232080a7c6296a74e36cad46f31678478451b521d0c19cc5cc25cf88bccc7c4ed006c2f99470595cdd34cf3814ee4509bb80d5eebd

Download Submit
/usr/bin/huzasrgnfl

Filesize
611KB

MD5
0a413b315d7e4b2a6da388f34aba6aeb

SHA1
b8833d8f182bc5bb8a94697f263824f8319875df

SHA256
855c9f99ce59dde32aa2abe0eda17ef38425d03e3b00cd26d006519eef8164b9

SHA512
afa0e8eb117a388d452056824f6a7a819c39a00529c74ae606ca831056c4b0a47c75bf6ca164b3ddc53124686f47a95c15a91b6365bc47fd2283e605f0fd9128

Download Submit
/usr/bin/huzasrgnfl

Filesize
611KB

MD5
54757de3092ae09a2791c75dfad20be9

SHA1
f0abb6cbba0c8508658ede4e905934aa77430a6f

SHA256
8e4b7cd176bb284ae55db222021c77b0ccedb552fd3daa2f523d4b10da3b6704

SHA512
3eb4b4cf8ca7a77c27aa54f882b71eb8770712340d5cc752e01220482c40dc34d5f2d072e6946e1df11a397806812f7897a0be81445a1d7ce1176bac8e16a6e7

Download Submit
/usr/bin/ldmrezetgo

Filesize
611KB

MD5
ff1a3683a5ad87f88858e92fbcf1ae57

SHA1
ce220486f7d4723406582f8496e8483bcc546beb

SHA256
d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154

SHA512
9039533b03c9cbd3a31d1f232080a7c6296a74e36cad46f31678478451b521d0c19cc5cc25cf88bccc7c4ed006c2f99470595cdd34cf3814ee4509bb80d5eebd

Download Submit
/usr/bin/ldmrezetgo

Filesize
611KB

MD5
87faa5dde56fac4c1a059e11643e9044

SHA1
33548292797637e23abf066acc5a55b06219aa53

SHA256
9e1ce49f6fdc2291a9f049d79773b39a0cb51b5b3320d9ee01ab22f97b3d35e6

SHA512
575839e65e570e544c7731a9bc1e7b3c5d67cb1d9d5d3a260cd895adc925d2d6b1fa951047a5c215bfe4320a097cfdf441c29b74f9ef0ab731807aa8fd9296c6

Download Submit
/usr/bin/ldmrezetgo

Filesize
611KB

MD5
01c51a8526997f90fd4363583b3239df

SHA1
a0f962304d7bee5b3d1b38899239877c2595d611

SHA256
0493b01483643cc29255be92c8454a9485d2284bd14805987182521298b68437

SHA512
17e10fb7bdae3947cef2ec951fa971026a30610ca3a0bec81faf70e2d9384017045d8339dab0e48c4bb35e6740e5eda9e61450e3f0f372d77d9eb1dce2115698

Download Submit
/usr/bin/pnuvlnealg

Filesize
611KB

MD5
ff1a3683a5ad87f88858e92fbcf1ae57

SHA1
ce220486f7d4723406582f8496e8483bcc546beb

SHA256
d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154

SHA512
9039533b03c9cbd3a31d1f232080a7c6296a74e36cad46f31678478451b521d0c19cc5cc25cf88bccc7c4ed006c2f99470595cdd34cf3814ee4509bb80d5eebd

Download Submit
/usr/bin/pnuvlnealg

Filesize
611KB

MD5
9161f4b6a49fe4b2ca2ba014e775ccc9

SHA1
130bf87e0594cf66af2a8c7c053b1b75378f8adb

SHA256
29d8c60a7bfb80752860f3132f1efa43e31963e2db3846d5e134d609de4c44e4

SHA512
23c061b2585283917bef0f2b9ab8fed78422f36dd8fd286af9704274ebd9ee4dde013518fbea4ac8c7cbc899d2510cfcd35b76902e34793608092bda58bc6c15

Download Submit
/usr/bin/pnuvlnealg

Filesize
611KB

MD5
3532d33f5d28685887a243563e780fb3

SHA1
ddc2e28d92ecf052bcebf2f1b9e5b6f712205ae4

SHA256
b58ac4569e3f65a7e55c0a4f45207eb765341e1430b9614e1bedae3d04aa5951

SHA512
3233d791ac3c106fcbf49783598d809c7d6fa78f74f305e0289055d8d8da7b112bdeafe4bec7e54d556a2547356f5edabde4d4a7f35b8907dfd2b67909b49ebc

Download Submit
/usr/bin/qslbtypgax

Filesize
611KB

MD5
ff1a3683a5ad87f88858e92fbcf1ae57

SHA1
ce220486f7d4723406582f8496e8483bcc546beb

SHA256
d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154

SHA512
9039533b03c9cbd3a31d1f232080a7c6296a74e36cad46f31678478451b521d0c19cc5cc25cf88bccc7c4ed006c2f99470595cdd34cf3814ee4509bb80d5eebd

Download Submit
/usr/bin/qslbtypgax

Filesize
611KB

MD5
f3f0be74130b1f707148a181a97192a4

SHA1
5f25974e1d2bd19be420ae2d5a6701fc058b6ddf

SHA256
e6c5ed168b4997458bb077551491a9604d365d9f20b402a1bfca8b61cfe6ef67

SHA512
11c795d6596038640b18e21b8b14dbdd5c47f68900560dc4ff69f650b249c8b6294d171156592d40988d09d5bd09161eda66936483fc3f5f5f7fd2f85d0a630d

Download Submit
/usr/bin/qslbtypgax

Filesize
611KB

MD5
7552b2f931d9240a7b659bbaef18627a

SHA1
a24b6c63bb861a89cd9e972d3ba34f1095152f08

SHA256
a0c17c88d330b5bacaa24ff3589cab6f230a8380f97406e4b10c41fb9bcecac5

SHA512
342eeded8206815419c5466c77f650298435a961b17d1bd39b8d693e394f22f2b48ba402a604343a190f8e1d9b0914ca7023c608fd57510c8a6d824a19762c8f

Download Submit
/usr/bin/rlaagjekls

Filesize
611KB

MD5
ff1a3683a5ad87f88858e92fbcf1ae57

SHA1
ce220486f7d4723406582f8496e8483bcc546beb

SHA256
d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154

SHA512
9039533b03c9cbd3a31d1f232080a7c6296a74e36cad46f31678478451b521d0c19cc5cc25cf88bccc7c4ed006c2f99470595cdd34cf3814ee4509bb80d5eebd

Download Submit
/usr/bin/rlaagjekls

Filesize
611KB

MD5
728617ef810940d5bccb7e1b0a3afee6

SHA1
454ac50c7de24a10147e36f4a88d72eb1c68fe43

SHA256
dd4c6c82c117ab1b24c627f9a44940cbbd4006baf93e939ce86d7e21e8b1f357

SHA512
c30cc2623da15e137790a74e32098f981201b1d4fbf5bb2609f352eacf4a719df234d043f45de2bbdeb1efec36538d379f8ecfd18cc2e8b51aa5be57d8284e8b

Download Submit
/usr/bin/rlaagjekls

Filesize
611KB

MD5
35aa62601d289622701902c32ce996f0

SHA1
d60cb42ab506f97cbe775e1ed94a054b61b0b2de

SHA256
f421fad01bf903153750e6010b3e21f8ec0939cccb56f0b7339bc374e56fad79

SHA512
2e19cfdc2c1fb3573438ff13f7df961ace7ca8c430d223376dc66a503e3bd41e2a70b3422002a30c65e6a4b4b8eefa25bde729b77026209a0b42766457bc588b

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads