0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87

Analysis

max time kernel
144s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
Size

119KB
MD5

e37ec7ed51ca355b00f07a466720a1f0
SHA1

d945d374a5fd76fa71b34ba3cfc80e9e70d3493a
SHA256

0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87
SHA512

e26634361d9f616d109aa4f1b8f60964edd716ba53d2e3980a13c055c2a4be702d7646afe657ae773da27212c761c469dbace71b9289b5d108c365b4660f2386
SSDEEP

3072:BOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPh:BIs9OKofHfHTXQLzgvnzHPowYbvrjD/E

Score

7^/10

persistence

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x003a0000000132f2-10.dat	acprotect

Executes dropped EXE 2 IoCs

pid	Process
2156	ctfmen.exe
2800	smnss.exe

Loads dropped DLL 9 IoCs

pid	Process
2220	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
2220	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
2220	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
2156	ctfmen.exe
2156	ctfmen.exe
2800	smnss.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe"	smnss.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe"	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe

Maps connected drives based on registry 3 TTPs 6 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\1	smnss.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\1	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	smnss.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	smnss.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ctfmen.exe	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
File created	C:\Windows\SysWOW64\shervans.dll	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
File created	C:\Windows\SysWOW64\smnss.exe	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
File created	C:\Windows\SysWOW64\satornas.dll	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
File opened for modification	C:\Windows\SysWOW64\satornas.dll	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
File created	C:\Windows\SysWOW64\zipfiaq.dll	smnss.exe
File created	C:\Windows\SysWOW64\smnss.exe	smnss.exe
File created	C:\Windows\SysWOW64\ctfmen.exe	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
File created	C:\Windows\SysWOW64\grcopy.dll	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
File opened for modification	C:\Windows\SysWOW64\grcopy.dll	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
File opened for modification	C:\Windows\SysWOW64\shervans.dll	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
File created	C:\Windows\SysWOW64\zipfi.dll	smnss.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-util.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml	smnss.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml	smnss.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2908	2800	WerFault.exe	29

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll"	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll"	smnss.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2800	smnss.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2156	2220	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe	28
PID 2220 wrote to memory of 2156	2220	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe	28
PID 2220 wrote to memory of 2156	2220	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe	28
PID 2220 wrote to memory of 2156	2220	0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe	28
PID 2156 wrote to memory of 2800	2156	ctfmen.exe	29
PID 2156 wrote to memory of 2800	2156	ctfmen.exe	29
PID 2156 wrote to memory of 2800	2156	ctfmen.exe	29
PID 2156 wrote to memory of 2800	2156	ctfmen.exe	29
PID 2800 wrote to memory of 2908	2800	smnss.exe	30
PID 2800 wrote to memory of 2908	2800	smnss.exe	30
PID 2800 wrote to memory of 2908	2800	smnss.exe	30
PID 2800 wrote to memory of 2908	2800	smnss.exe	30

C:\Users\Admin\AppData\Local\Temp\0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe
"C:\Users\Admin\AppData\Local\Temp\0bc14e6a506cf103f87980664d678fc9b9fc3f9193fb032eb4653992b44e5d87.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\ctfmen.exe
  ctfmen.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Windows\SysWOW64\smnss.exe
    C:\Windows\system32\smnss.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Maps connected drives based on registry
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 956
      4⤵
      Loads dropped DLL
      Program crash
      PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\satornas.dll

Filesize
183B

MD5
15b73eead06c0b6db22e7b93819aa527

SHA1
85112b86bac4cb4b0da12c953ea5326e4b9d32ea

SHA256
cfaf51c2ddc9d49719e833d796f05ae7831080bb1bbe3cc88de26356ed5efb97

SHA512
00c3a5ebfded17792d9d8cfa8ac26bc1e9681334777acf9667fbc9c886295079a841447322203014818b6d19a017ca2bea1f081cad6b8f9f12b9b74f8f08b8e1

Download Submit
\Windows\SysWOW64\ctfmen.exe

Filesize
4KB

MD5
9df80244e11d9cdc8e6b1b7d280d94a6

SHA1
f090a7c626fe1b1d05d8d43223655a03feea7e83

SHA256
b9fb5c5e7c0e2ce2217060df0eb79aff28d7367c1064d8fb7b68f636de1bd382

SHA512
f04cbc349b6d62d6689bb9fb4044a1c5254a92104b84e0f886b7645d037d6589a3c9cb8dac90ef5d3932caa31cfe9c834a25538c947ae47c17eb674f1758647c

Download Submit
\Windows\SysWOW64\shervans.dll

Filesize
8KB

MD5
636bea3f9f9e29ba38248dff6f4b0f90

SHA1
3381433e10134f8e82eaf46689a63030b1ceb847

SHA256
64b3fc4df37511e985baa2ff9842270b3a6667c553c650cb33f0d11fa822ca87

SHA512
4ba7760aa0374c918123013de6a2a97037a533fa9349c609e729e00af5b400992c518a56c4675694fc999ab37cdd43438f55964472cef8141f9a3f1baf24b7e6

Download Submit
\Windows\SysWOW64\smnss.exe

Filesize
119KB

MD5
48d3794ac77b83bc513d5bd70f54e03d

SHA1
a9cd2fa611a271a7f314f4ad695be041bb2ea539

SHA256
34c8b07a5c09aafcbc1266306cb6f2d8364f9e08ec0ca7bcd6936617c3d2604c

SHA512
0f9a42e516e1ab67bc09b8b3a46d38e1333fe02e3afa89ddf1242921ab8e6bfa36a5760821bacea0fd4d6c97f88a7eb52a27b8cc98b712374f35d9814bea7eec

Download Submit
memory/2156-32-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2220-26-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2220-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2220-27-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2220-19-0x0000000000340000-0x0000000000349000-memory.dmp

Filesize
36KB

Download
memory/2220-16-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2800-34-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2800-41-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2800-44-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads