13f1b90886026c2d308afe638502053c6c5283438b4f5720dae2a8d3a2d5f891

General

Target

e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe
Size

96KB
MD5

e7422ac59dace586cc4e48e27b5d8f40
SHA1

a1819136bd1124750a7a2d34f8fcf46ff3460866
SHA256

13f1b90886026c2d308afe638502053c6c5283438b4f5720dae2a8d3a2d5f891
SHA512

b565774b31a4599c5dd77f6b7b447d77e1392062dd6820a4319b1ead1681205a648df730c11a0e3ab740a52ecbc2db4fd74bffa2b001e1e955be18fcc7aa7a3c
SSDEEP

1536:t/Q29Ol4qczE0Vw5qGYIHNtcPh42HW7zBBe9MbinV39+ChnSdFFn7Elz45zFV3z8:NJOHoKYIHNtcPh4ISBAMbqV39ThSdn7M

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Njacpf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Njcpee32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ndghmo32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ncldnkae.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ncldnkae.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Nbhkac32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Njacpf32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ndghmo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Njcpee32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nqmhbpba.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Nqmhbpba.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Nbhkac32.exe

Executes dropped EXE 7 IoCs

pid	Process
2724	Njacpf32.exe
4600	Nbhkac32.exe
4448	Ndghmo32.exe
4008	Njcpee32.exe
5076	Nqmhbpba.exe
2960	Ncldnkae.exe
4652	Nkcmohbg.exe

Drops file in System32 directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Ndghmo32.exe	Nbhkac32.exe
File opened for modification	C:\Windows\SysWOW64\Njcpee32.exe	Ndghmo32.exe
File created	C:\Windows\SysWOW64\Ddpfgd32.dll	Ndghmo32.exe
File created	C:\Windows\SysWOW64\Bghhihab.dll	Njcpee32.exe
File created	C:\Windows\SysWOW64\Lmbnpm32.dll	e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\Ipkobd32.dll	Njacpf32.exe
File created	C:\Windows\SysWOW64\Ndghmo32.exe	Nbhkac32.exe
File created	C:\Windows\SysWOW64\Dlddhggk.dll	Nqmhbpba.exe
File created	C:\Windows\SysWOW64\Nkcmohbg.exe	Ncldnkae.exe
File opened for modification	C:\Windows\SysWOW64\Nkcmohbg.exe	Ncldnkae.exe
File opened for modification	C:\Windows\SysWOW64\Nbhkac32.exe	Njacpf32.exe
File created	C:\Windows\SysWOW64\Bdknoa32.dll	Nbhkac32.exe
File created	C:\Windows\SysWOW64\Nqmhbpba.exe	Njcpee32.exe
File created	C:\Windows\SysWOW64\Njcpee32.exe	Ndghmo32.exe
File opened for modification	C:\Windows\SysWOW64\Nqmhbpba.exe	Njcpee32.exe
File created	C:\Windows\SysWOW64\Ncldnkae.exe	Nqmhbpba.exe
File created	C:\Windows\SysWOW64\Hnibdpde.dll	Ncldnkae.exe
File created	C:\Windows\SysWOW64\Njacpf32.exe	e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe
File opened for modification	C:\Windows\SysWOW64\Njacpf32.exe	e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\Nbhkac32.exe	Njacpf32.exe
File opened for modification	C:\Windows\SysWOW64\Ncldnkae.exe	Nqmhbpba.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
952	4652	WerFault.exe	88

Modifies registry class 24 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Njacpf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Nqmhbpba.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}	e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Lmbnpm32.dll"	e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ipkobd32.dll"	Njacpf32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Njcpee32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bghhihab.dll"	Njcpee32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Njcpee32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ncldnkae.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Njacpf32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Ddpfgd32.dll"	Ndghmo32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Nbhkac32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Bdknoa32.dll"	Nbhkac32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Nbhkac32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ndghmo32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ndghmo32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Nqmhbpba.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dlddhggk.dll"	Nqmhbpba.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ncldnkae.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hnibdpde.dll"	Ncldnkae.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 2724	4820	e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe	82
PID 4820 wrote to memory of 2724	4820	e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe	82
PID 4820 wrote to memory of 2724	4820	e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe	82
PID 2724 wrote to memory of 4600	2724	Njacpf32.exe	83
PID 2724 wrote to memory of 4600	2724	Njacpf32.exe	83
PID 2724 wrote to memory of 4600	2724	Njacpf32.exe	83
PID 4600 wrote to memory of 4448	4600	Nbhkac32.exe	84
PID 4600 wrote to memory of 4448	4600	Nbhkac32.exe	84
PID 4600 wrote to memory of 4448	4600	Nbhkac32.exe	84
PID 4448 wrote to memory of 4008	4448	Ndghmo32.exe	85
PID 4448 wrote to memory of 4008	4448	Ndghmo32.exe	85
PID 4448 wrote to memory of 4008	4448	Ndghmo32.exe	85
PID 4008 wrote to memory of 5076	4008	Njcpee32.exe	86
PID 4008 wrote to memory of 5076	4008	Njcpee32.exe	86
PID 4008 wrote to memory of 5076	4008	Njcpee32.exe	86
PID 5076 wrote to memory of 2960	5076	Nqmhbpba.exe	87
PID 5076 wrote to memory of 2960	5076	Nqmhbpba.exe	87
PID 5076 wrote to memory of 2960	5076	Nqmhbpba.exe	87
PID 2960 wrote to memory of 4652	2960	Ncldnkae.exe	88
PID 2960 wrote to memory of 4652	2960	Ncldnkae.exe	88
PID 2960 wrote to memory of 4652	2960	Ncldnkae.exe	88

C:\Users\Admin\AppData\Local\Temp\e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e7422ac59dace586cc4e48e27b5d8f40_NeikiAnalytics.exe"
1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Windows\SysWOW64\Njacpf32.exe
  C:\Windows\system32\Njacpf32.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Windows\SysWOW64\Nbhkac32.exe
    C:\Windows\system32\Nbhkac32.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:4600
  - - C:\Windows\SysWOW64\Ndghmo32.exe
      C:\Windows\system32\Ndghmo32.exe
      4⤵
      Adds autorun key to be loaded by Explorer.exe on startup
      Executes dropped EXE
      Drops file in System32 directory
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:4448
    - - C:\Windows\SysWOW64\Njcpee32.exe
        
        C:\Windows\system32\Njcpee32.exe
        5⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4008
      - C:\Windows\SysWOW64\Nqmhbpba.exe
        
        C:\Windows\system32\Nqmhbpba.exe
        6⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:5076
        
        C:\Windows\SysWOW64\Ncldnkae.exe
        
        C:\Windows\system32\Ncldnkae.exe
        7⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2960
        
        C:\Windows\SysWOW64\Nkcmohbg.exe
        
        C:\Windows\system32\Nkcmohbg.exe
        8⤵
        Executes dropped EXE
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 400
        9⤵
        Program crash
        
        PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4652 -ip 4652
1⤵
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Nbhkac32.exe

Filesize
96KB

MD5
129474157224e8848473a8e0685e6138

SHA1
711062b3021fb24f55acee342c5810e0c8225ae1

SHA256
8d6da3b98a5336a07528f75af0fa11941b0832839c8c28aaa6230cc417aadcac

SHA512
6613a49d15d69ec57a21d94956723a267b7f57fc5568cb51ebb2bf874759fcf16b7eb0f1f74051fa8f2c6b2efb9aa652a38b93f262b33c3028d795d48f01f164

Download Submit
C:\Windows\SysWOW64\Ncldnkae.exe

Filesize
96KB

MD5
7a06ec521002b145fbf8db60559d4bc9

SHA1
dca17a1ccaee82205046a7fc7edcd4db091d9b1c

SHA256
db974c7dda8ca7a3773e528a8f5542a58df9d5504c8ec424d519c708c49ddd21

SHA512
de6061c5a794983b7e2c09331cb6a607cb54902aacf01ffe6a3e0ac41910c6a660145f867cae0ab0ebed9336e849fc4ce452f589537ce9053c9fd1f789197d70

Download Submit
C:\Windows\SysWOW64\Ndghmo32.exe

Filesize
96KB

MD5
a4bbb6da18fea3f4436b445348014329

SHA1
00b91fb913272d7bb98dc8a4704e93d098fc663f

SHA256
1e332a78029e6ef52a26cf18f645018ffded2f8b5e7d60b128adb05bf50277bd

SHA512
514dcfb578ab934119490f5d2ee63e3ada5508a782d0449ced29f1bc2c5a9c5f79d191f91cdf3060d0fd594c856a71a172f257ca417d1fbfcc258a547f410a19

Download Submit
C:\Windows\SysWOW64\Njacpf32.exe

Filesize
96KB

MD5
57f37484b9648d94181bde6cb3180e4d

SHA1
77324f4a5a8a485f4d46817e97c1e58371892a4d

SHA256
e5099ce5177501e6cbf42095e1c5798390f22520f67340c7d0aa93a7458d7fa1

SHA512
1602ee81e353a01d33b671a6f40cdf4544be57e6d4e388a69fe7ab73387e46c449edd2870450a74202a07004824c1e251c8ebeea542d35205b9fb24aba510006

Download Submit
C:\Windows\SysWOW64\Njcpee32.exe

Filesize
96KB

MD5
a4f4a3ae40be25f5380787270609d782

SHA1
5b2ee02ba76cd412beaafad88e9aba13fef60c0e

SHA256
cb7126db3121e574a2c619a9513b6571c13ea8873b9cbd38f79b6140e54e3b73

SHA512
5e7088a4ee9fbe2353f26563edae9c48103da8ab42ccd5b8e38cfc0e3e44f388d03dea12ac62a8674dad54ab2bf1c54e7323157b42fd69b13b459d0e8f4ef95f

Download Submit
C:\Windows\SysWOW64\Nkcmohbg.exe

Filesize
96KB

MD5
3c0faaf51ccc84646ba7f12b58e20cf4

SHA1
e6ef6cf03536b098aaa6b429150aeda16dd51069

SHA256
861b23bb28a2b50ca17715aa6ee40c9a6603ca3a64b0ab6ec6682cf810c1aa5a

SHA512
6a6178696355008e6cc77cde96b92c42801e11168d9ae25bf091eb5331f8eef4d2f8439307333768cf538a90edf7fe5d75718557fafbc6a5103e9d63aae44e16

Download Submit
C:\Windows\SysWOW64\Nqmhbpba.exe

Filesize
96KB

MD5
2bca75e0858428ad4da9868bdee03898

SHA1
adadd8d9e84987c0c6ccdf7f295d46137a481d9c

SHA256
1a70b3a132e8bb7ba89febd43defb8aa3d2f1adea9a53a4f70e6fc73724232b1

SHA512
5eef9998cb27c23505b01f533552480af7aac2486e7427f2888b42abe1bee9d2aae47cbc230f8ecb306a2c95ee9afe53a77f15e4df710c11ae8b8ad369e46388

Download Submit
memory/2724-62-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2724-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2960-48-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2960-58-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4008-31-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4008-60-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4448-28-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4448-59-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4600-61-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4600-16-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4652-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4652-57-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4820-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4820-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/5076-46-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads