djvu | cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4

General

Target

cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe
Size

700KB
MD5

c5874fc9ec42c57284cd093aceb37a65
SHA1

f89d16bde4bcd7509a7a8dd4c813f40b283cdfac
SHA256

cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4
SHA512

6a405bb11abb667f001a832551c8de2b2883d910be51ef80f873d0ff7c47537ab6522e77bbca4592e5c9d264c36e506197fb7e166bf75d767245b47d3622aedd
SSDEEP

12288:cKwAMYEYALwSNsX6ILzHg18QfiIVnt8Hl6PbGiaBROGSt:n/EYawTzLLgFfpht8FYG1BR

Score

10^/10

djvu vidar discovery persistence ransomware stealer

Malware Config

Extracted

Family

djvu

C2

http://zexeq.com/test1/get.php

Attributes

extension
.cdwe
offline_id
dSwr1XNNi5cIitB5eDPbMANcusB1dWGDB8ToUnt1
payload_url
http://brusuax.com/dl/build2.exe

http://zexeq.com/files/1/build3.exe
ransomnote
ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-e21iz7dS58 Price of private key and decrypt software is $1999. Discount 50% available if you contact us first 72 hours, that's price for you is $999. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0842ASdw

rsa_pubkey.plain

Signatures

Detect Vidar Stealer 5 IoCs

stealer

resource	yara_rule
behavioral2/memory/4604-56-0x0000000000400000-0x000000000063D000-memory.dmp	family_vidar_v6
behavioral2/memory/4568-60-0x00000000009B0000-0x00000000009DA000-memory.dmp	family_vidar_v6
behavioral2/memory/4604-61-0x0000000000400000-0x000000000063D000-memory.dmp	family_vidar_v6
behavioral2/memory/4604-62-0x0000000000400000-0x000000000063D000-memory.dmp	family_vidar_v6
behavioral2/memory/4604-67-0x0000000000400000-0x000000000063D000-memory.dmp	family_vidar_v6

Detected Djvu ransomware 16 IoCs

resource	yara_rule
behavioral2/memory/220-6-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/220-5-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/220-4-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/3516-3-0x00000000026B0000-0x00000000027CB000-memory.dmp	family_djvu
behavioral2/memory/220-2-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/220-17-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4684-23-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4684-24-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4684-22-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4684-29-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4684-30-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4684-37-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4684-36-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4684-34-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4684-38-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4684-52-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu

Djvu Ransomware
Ransomware which is a variant of the STOP family.
ransomware djvu
Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Downloads MZ/PE file

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1704	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\879167c5-2992-46c1-93cb-eefdec05d5f1\\cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe\" --AutoStart"	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	api.2ip.ua
3	api.2ip.ua
17	api.2ip.ua

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3516 set thread context of 220	3516	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	74
PID 4344 set thread context of 4684	4344	mstsca.exe	78

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4692	4604	WerFault.exe	81

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
3064	schtasks.exe
4036	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
220	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe
220	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 220	3516	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	74
PID 3516 wrote to memory of 220	3516	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	74
PID 3516 wrote to memory of 220	3516	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	74
PID 3516 wrote to memory of 220	3516	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	74
PID 3516 wrote to memory of 220	3516	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	74
PID 3516 wrote to memory of 220	3516	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	74
PID 3516 wrote to memory of 220	3516	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	74
PID 3516 wrote to memory of 220	3516	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	74
PID 3516 wrote to memory of 220	3516	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	74
PID 3516 wrote to memory of 220	3516	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	74
PID 220 wrote to memory of 1704	220	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	77
PID 220 wrote to memory of 1704	220	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	77
PID 220 wrote to memory of 1704	220	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	77
PID 220 wrote to memory of 4344	220	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	93
PID 220 wrote to memory of 4344	220	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	93
PID 220 wrote to memory of 4344	220	cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe	93
PID 4344 wrote to memory of 4684	4344	mstsca.exe	78
PID 4344 wrote to memory of 4684	4344	mstsca.exe	78
PID 4344 wrote to memory of 4684	4344	mstsca.exe	78
PID 4344 wrote to memory of 4684	4344	mstsca.exe	78
PID 4344 wrote to memory of 4684	4344	mstsca.exe	78
PID 4344 wrote to memory of 4684	4344	mstsca.exe	78
PID 4344 wrote to memory of 4684	4344	mstsca.exe	78
PID 4344 wrote to memory of 4684	4344	mstsca.exe	78
PID 4344 wrote to memory of 4684	4344	mstsca.exe	78
PID 4344 wrote to memory of 4684	4344	mstsca.exe	78

C:\Users\Admin\AppData\Local\Temp\cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe
"C:\Users\Admin\AppData\Local\Temp\cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Users\Admin\AppData\Local\Temp\cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe
  "C:\Users\Admin\AppData\Local\Temp\cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:220
- - C:\Users\Admin\AppData\Local\Temp\cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe
    "C:\Users\Admin\AppData\Local\Temp\cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe" --Admin IsNotAutoStart IsNotTask
    3⤵
    PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe
      "C:\Users\Admin\AppData\Local\Temp\cde358c9cbfcbdb539b7f3c13174bd75657ec9d65eddf472c3895735a71128c4.exe" --Admin IsNotAutoStart IsNotTask
      4⤵
      PID:4684
    - - C:\Users\Admin\AppData\Local\6340a5ee-bf7f-4c4c-8bde-516065591ebd\build2.exe
        
        "C:\Users\Admin\AppData\Local\6340a5ee-bf7f-4c4c-8bde-516065591ebd\build2.exe"
        5⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\6340a5ee-bf7f-4c4c-8bde-516065591ebd\build2.exe
        
        "C:\Users\Admin\AppData\Local\6340a5ee-bf7f-4c4c-8bde-516065591ebd\build2.exe"
        6⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 1148
        7⤵
        Program crash
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\6340a5ee-bf7f-4c4c-8bde-516065591ebd\build3.exe
        
        "C:\Users\Admin\AppData\Local\6340a5ee-bf7f-4c4c-8bde-516065591ebd\build3.exe"
        5⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\6340a5ee-bf7f-4c4c-8bde-516065591ebd\build3.exe
        
        "C:\Users\Admin\AppData\Local\6340a5ee-bf7f-4c4c-8bde-516065591ebd\build3.exe"
        6⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\schtasks.exe
        
        /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
        7⤵
        Creates scheduled task(s)
        
        PID:4036
- - C:\Windows\SysWOW64\icacls.exe
    icacls "C:\Users\Admin\AppData\Local\879167c5-2992-46c1-93cb-eefdec05d5f1" /deny *S-1-1-0:(OI)(CI)(DE,DC)
    3⤵
    - Modifies file permissions
    PID:1704

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
1⤵
PID:4412
- C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
  C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
  2⤵
  PID:2436

C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
1⤵
- Creates scheduled task(s)
PID:3064

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
1⤵
PID:1516
- C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
  C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4344

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
1⤵
PID:2480
- C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
  C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
  2⤵
  PID:812

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
1⤵
PID:1012
- C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
  C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
  2⤵
  PID:4428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1

T1053

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
60a5e0473de1471940dbbea528dd3e33

SHA1
40b5e0f3932093d5106d1bf53a912c6cd48e1e9a

SHA256
6f76f374963b90b7a8e18c72f40f8836ccef657a08530bf6539ea5bd03dbc494

SHA512
1b18e92207cb28cef1def502ad7c8a380deada35e727421b5fadf0c8f32af39675009da07aa4fdbeb4693b516b354d0d369faf96f8f39a53b8ed81680eae5c30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
f0eff624eb476736d4784bf9786625f5

SHA1
023fa9128f4cd4064ffd3d53208baa727b8beb04

SHA256
353dd36a7e0adc9e16ecbee63b8b5e5cbb2e3c1593e2c368ce222f441108b96b

SHA512
d690de2ed46293bfdd879b81193cd19b0b1d501322cd511bca21e83cc58c06cdcbd6a9a4304a087baf6bd2119efb63f70ac6d8bbaa52f324cb70359d59d48afd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
cb9ae359c2744c5339bc957ce0e74d5d

SHA1
1b356c7c9eefeb761b5b6dcc62ebf85177396b78

SHA256
2374e0aa343358a2f6f886169e02a68ba06c0265576a8d9f9c9183b61d42328e

SHA512
e021eecdcb417d4180f0c0ba1de4060002e3289d939018cba1eba314d28f4cba07896fd9763be1461251f85c2e7f69e4e95588b0f41ea434c3ec9b458b94bb63

Download Submit
C:\Users\Admin\AppData\Local\6340a5ee-bf7f-4c4c-8bde-516065591ebd\build3.exe

Filesize
299KB

MD5
41b883a061c95e9b9cb17d4ca50de770

SHA1
1daf96ec21d53d9a4699cea9b4db08cda6fbb5ad

SHA256
fef2c8ca07c500e416fd7700a381c39899ee26ce1119f62e7c65cf922ce8b408

SHA512
cdd1bb3a36182575cd715a52815765161eeaa3849e72c1c2a9a4e84cc43af9f8ec4997e642702bb3de41f162d2e8fd8717f6f8302bba5306821ee4d155626319

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

Filesize
34KB

MD5
b72948bb7782d18869358f826205d6bf

SHA1
fefa2a7c4b7985e73621555a3445698a7d2eccf4

SHA256
5cb93196854a2795d397da2a630a869aab8fe626ac4c163c5aa68fff279eaa9c

SHA512
bd75b1c1c6976aee54039ac58cc6276c23fd1d2815f719d55e96ad6d8139ae2a3ca282e3e5af72354c65f43d9d50afefdff4b9348bf9267795f0d7eb91951ae0

Download Submit
memory/220-6-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/220-5-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/220-4-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/220-2-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/220-17-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/1012-176-0x0000000000A1E000-0x0000000000A2E000-memory.dmp

Filesize
64KB

Download
memory/1516-122-0x000000000089E000-0x00000000008AE000-memory.dmp

Filesize
64KB

Download
memory/2480-150-0x000000000088E000-0x000000000089E000-memory.dmp

Filesize
64KB

Download
memory/3232-84-0x00000000001F0000-0x00000000001F4000-memory.dmp

Filesize
16KB

Download
memory/3232-74-0x00000000001F0000-0x00000000001F4000-memory.dmp

Filesize
16KB

Download
memory/3232-73-0x0000000000980000-0x0000000000A80000-memory.dmp

Filesize
1024KB

Download
memory/3516-1-0x0000000002570000-0x0000000002605000-memory.dmp

Filesize
596KB

Download
memory/3516-3-0x00000000026B0000-0x00000000027CB000-memory.dmp

Filesize
1.1MB

Download
memory/4228-69-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4228-75-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4228-77-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4344-20-0x0000000000A70000-0x0000000000B09000-memory.dmp

Filesize
612KB

Download
memory/4412-99-0x000000000083A000-0x000000000084A000-memory.dmp

Filesize
64KB

Download
memory/4568-57-0x0000000000B70000-0x0000000000C70000-memory.dmp

Filesize
1024KB

Download
memory/4568-60-0x00000000009B0000-0x00000000009DA000-memory.dmp

Filesize
168KB

Download
memory/4604-67-0x0000000000400000-0x000000000063D000-memory.dmp

Filesize
2.2MB

Download
memory/4604-62-0x0000000000400000-0x000000000063D000-memory.dmp

Filesize
2.2MB

Download
memory/4604-56-0x0000000000400000-0x000000000063D000-memory.dmp

Filesize
2.2MB

Download
memory/4604-61-0x0000000000400000-0x000000000063D000-memory.dmp

Filesize
2.2MB

Download
memory/4684-37-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4684-34-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4684-36-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4684-38-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4684-30-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4684-52-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4684-29-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4684-22-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4684-24-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4684-23-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads