cybergate | d0f0ed014e4d0354a944f9f4912a6a58bdb3b10b67c3ca1959028351f28a6bfd

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe
Size

1.2MB
MD5

b1b0a9a8f700c1c910bd136179740b7f
SHA1

24c56812d6ef97b94c407e88bb3cc3abce70564c
SHA256

d0f0ed014e4d0354a944f9f4912a6a58bdb3b10b67c3ca1959028351f28a6bfd
SHA512

b24bee11093727c090ffbfe5516696d6f51b74efd1d42e9dc5a9e8c6b4ed1426c745a74df126b317cd7c5a60c6f89cb8b7704dcc9e4c06ff03a738bca5eb3303
SSDEEP

24576:HhqMYdprgqE8sleQy2bkqjZcFbV3bLCHYvnphtX3t3Pf2:HhqDpJE3QOnjZykHsxBG

Score

10^/10

cybergate itzh4cked discovery persistence stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

itzh4cked

itzh4cked.no-ip.biz:6661

Mutex

CY4GD3PW1Q0B43

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
test this bitch.exe
install_dir
Windows
install_file
chrome.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
what459sit512
regkey_hkcu
HKCU
regkey_hklm
HKLM

Signatures

CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
trojan stealer cybergate

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2472-15-0x0000000010480000-0x00000000104E5000-memory.dmp	upx
behavioral2/memory/2472-11-0x0000000010410000-0x0000000010475000-memory.dmp	upx

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindosU = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WindosU.exe"	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4568 set thread context of 2472	4568	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe	87

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeBackupPrivilege	4564	vbc.exe
Token: SeRestorePrivilege	4564	vbc.exe
Token: SeDebugPrivilege	4564	vbc.exe
Token: SeDebugPrivilege	4564	vbc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 2472	4568	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe	87
PID 4568 wrote to memory of 2472	4568	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe	87
PID 4568 wrote to memory of 2472	4568	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe	87
PID 4568 wrote to memory of 2472	4568	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe	87
PID 4568 wrote to memory of 2472	4568	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe	87
PID 4568 wrote to memory of 2472	4568	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe	87
PID 4568 wrote to memory of 2472	4568	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe	87
PID 4568 wrote to memory of 2472	4568	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe	87
PID 4568 wrote to memory of 2472	4568	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe	87
PID 4568 wrote to memory of 2472	4568	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe	87
PID 4568 wrote to memory of 2472	4568	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe	87
PID 4568 wrote to memory of 2472	4568	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe	87
PID 4568 wrote to memory of 2472	4568	b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe	87
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88
PID 2472 wrote to memory of 3044	2472	vbc.exe	88

C:\Users\Admin\AppData\Local\Temp\b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b1b0a9a8f700c1c910bd136179740b7f_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2472
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:3044
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:4564
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

T1064

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Admin2.txt

Filesize
224KB

MD5
ba8b606e502b9e0e79bec6287f52d930

SHA1
1cd485004800d89498506baae10ffd335aeb00ab

SHA256
c2f8f48a1d493442303f6c6a5a9afe52dc7830975ca1452a0acde58d9f024570

SHA512
13a648e1da2b85d66529af837df90c5cbb697f1a809c07443a9689b6f74a29fe8d2ae042a3c3a540fb7ec1f38f6752b5e3270d335eed70a67b77eb1f5ad1d62b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
b68e4491e1d0815605a03ee8e532284d

SHA1
883e5b9e279ef5a13b618e011c73e9108fa5ef86

SHA256
c14846dec3ccc781f1d00004e9a88380d911fe559a6c97436681442b2fa8ef1b

SHA512
597856b0d5bc195ae98a79ac285493715d0f311650947b697f1a5bbb634371dac5cd48bdee31af4b24d8703a2fde60e54b9161377d3972ba28dbc2c802e0e42e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
108528ad3926b7636ac0b34835fbd473

SHA1
5d261d42dbf0726454175da2f59a1835dfed546b

SHA256
1c9ea3cf994bad7361681c6bea0250fbea578c905894b5870bae80724799b767

SHA512
be36d8342099f7b3cd5d54e765648d3b03ebe99bc639ec96e60e9bdcb520774a9d134b91df2a6acd22fa6bc28507f0a082d703850923035b69e6874bf6f5bb6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
1adb24abdc2700730b5357e41020ae2b

SHA1
1a76edac203110a2956686b1186f446e44c70199

SHA256
e737a2b35343adf52494502842710e377bb7561f313b3995c45a8408ea66171e

SHA512
ed065a37c5b5694277dd41308aefb5d530cc96fd6bea0d11abd73dd292ec3b6805be0573ad7a6356565323f625e400dcbe7c8c0969f957a5e279410ebff71643

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
e19e1f3e32415f2236ac37b2df1edac6

SHA1
de1ada257db3892fa2d397d710d857ae02d170fe

SHA256
56f015e9a8857bc0f09792e7631ca243862bc0533036af8c1268bfe18c4b97ba

SHA512
b2a982c631f84db936ac7156a3960756dccde30db46433f8cf346ed2a8a0ef0fbe406a654cbaea04dfca5af36cc55564d463e0877c207de4501833ed5687558d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
a7cac4e9030a7823ef6aebd4425de9dc

SHA1
69b7ddeb1944e878399e300ad63cd3749e8f259a

SHA256
2dd941bb98863830b83b4998be3125d041e892265e2f5feb139b255e29c7718f

SHA512
3e5be6acfbb39fa910325874cca1b560137eedb30a41f23c86d54282d32a7385558ee0e9720d131bde01a3082ccf575e5fea5f355240b1d91e02f7c3e786effe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
dac5540f5ea2320965039828d119b8eb

SHA1
fd2f15d49c87ce32168c11c68bb7d754493c4e78

SHA256
00526a38f825b28a669a607528a4b74d9101fc5d0a25c1b1b580385f642c2e54

SHA512
0fa6eaef0786829ffa29d5ae6998dfcbfc893986325dec56b6bb8922fd4209a8e0c796fd607ace1d6fe460154c0481b0f238ef489058576108c06e0376b5ed13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
d412f1a5b4207b3c82cba62dae391b8c

SHA1
ae60fed398ffa68b9c606e8b4296bc234a4a46a4

SHA256
e5151dc1f663247dc397feef21a54823744d056a3fb46bb79af020a138e1506a

SHA512
61d872bea39156dfb2c6a72338e225a143f1b088256c39fa41dbeb7ee717846728b44a4e5e7327870815c1b0b6bf5f0284153059a28b8d7e98be0713a51fdc5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
6012a0979d030451adede0b3b7d7c391

SHA1
f82cb8e0ec622af00b9602ca2404fa8999a2cf4b

SHA256
262b7c2a599ba18a9930fac6dff71ea6209c85b151c25de22c19e4458858c4e4

SHA512
c6d0d867b5ab8b3d38636dfdbf34cd8ef5327ea70bf1c59af32303a989bffe23c1e367eca19f743972a048f78e1051716c1082dd5b4a38eecf436fbf43b181c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
0950c6879b3fe325cd62f071199e740d

SHA1
0d35e703b88f6c292a7a1bedb0302910bc6ae68b

SHA256
da22460bf4a100177e4300cf02b0e6e9b2404b12d09e9614dbdd22e8c9330eb9

SHA512
1b4c5cb646cc5dc00bc86dcc133874682bd3c0419a0370d7ca370ebaddf8ebacf59a4763598bcde4821532a9b2a0ddb840a960e055ece094f1eb8fd47caeb9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
c829c6f3497a67808055fc20a75c10e9

SHA1
06f4b9bffaf8c0718907d81be72d0ddeff30021d

SHA256
74d41fa844a12170020f2bddf04b11ae415cd66f8719950d45b933114c2feeaa

SHA512
a038a0e2a43658f31f5832aca20630619c6a49cd23f32f2bdd9b0f03d36600581a2f6af86b51d0ec655ecf77548c98a92599a5a0295d46498369859a79678cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
98162ec43ac10f0dab5d080dac5ca930

SHA1
2fcd81824643d0508179e8cbc92a88514f1e2a1d

SHA256
0aa24ff0319c8eecbb2002184c4e5249c0853934b6544543d666920cdb23a4f8

SHA512
b5c35966568fd969cd47b907b06abc8f1c441b82cb05be805f2310eaf7a5555d73c29255a6277a65ca75b0d8b9a76429be2e273729a6ebeaf5c22574a742c86c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
d3f993f8308818174f2738db0f498df8

SHA1
4c2857244de9db57eaf38282ec92a160d6db3627

SHA256
a225caf5f098b87c326ed0e09da524876771fa0784b5b70c5c94443a851bb0d8

SHA512
6d620cef62c6c53051b544fb702d8c0a0fec00c4f19127ff70579cb13fc96220b8d9e9213eb14737b329e7e3f73b494baf8b3196567558d0917e6e9c76143d9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
6ebf28cb9731ed7af76a5c4c5945d966

SHA1
381e607ee1a87925a2266cfa0c839cf14cee7162

SHA256
be8aff864a8638a5cd7975e41cc0920bbf1837ca27828417f8d826e9d8128fbd

SHA512
06b79f7b545fcfa25d50d7542c8f2885037ad65fdfd02cd3fa43ac8f9cec68ae324f2d45a67c1f1abbea3b124bb96d91653a96f8b392be347c23f693c22879e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
ef2cf190d9c45e35a0abf8059d1e1a23

SHA1
29af1765951ef501635fdd753f0f2ecb9868bf9c

SHA256
efc79693d4521782eae5b7a3432abd25dd7189516880db6837ba750cc21fae20

SHA512
504409c8ee742ebca5ffee48a331aea5c3ba7e49d89892bb163dc6206ade7bad78634160cf765d09ea048505492a36216774bba3a8dc94091adfb65aec6bc2ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
8e9f40ca382bf607a769728ecbcb8453

SHA1
4952eb3b8ee0ba314cfc43b34455ea1c7a29eb29

SHA256
16886cd1c915634010a186945bcd290b1e8e5a8d92fb34fef62d8675638096f3

SHA512
bc807ba2d24c0cfd26428cf48a5a67732fef276783a1a17ab9d561fd01eb180aead83a0e0731bc735a7f51640348e1773895f9ba887635a70b458570e44f9851

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
1e5d3f9664915021e63938098724efbf

SHA1
818580a0bf078109e0b00d0937e903f565422c22

SHA256
a39930aebb1e18b3b462cdaeeeb3b3a2d08c1eed963b5258e21abe7e4c9f92bd

SHA512
ca05475e17f99424270d1c509490f6ddcc2a8c80427aef5e985e5861f93e3a884822a406c60a6eb89cb2e7fb7483e7e0b9dce833dace4b4a353169cbfa6ca23e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
b016e01ac0da38ccd5afb6fb2ac9359b

SHA1
07c19af558e7bf1f22dddb2e52bb55aacfe9cdd8

SHA256
56901751e416f664171888f0e001c0e084f4ea69998e283088e86cdf01d09ce0

SHA512
b42bf3e12372e80611fd9eb0b9406adac2a3088433459ef846a05cc1e6b95173f8c9b49af84cececb85bbb1a4d0b8ef0039f270c6a34a59f0805abd35980c924

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
250c7f4cafe6450b81e8798dab8b0cc3

SHA1
1e2da8f1bed7bc6ade4bfe0277bc0ef763e713c2

SHA256
ecaded730fc5059144158b8f805c4089183427590220acde31a530dcba4cba38

SHA512
eadaf5aa9e35fe42f5423a564d894a6feeef4d98c2378436aa05e4efa4db0fa3a4c4682f338cd476845f2d2b8fbc83a83cbc292f11ad7cac7f3a557433f7883d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Admin7

Filesize
8B

MD5
68121978acc6d132af24404e81ad4059

SHA1
c4c2044b288979dcd08761bd40ade9979e9174e3

SHA256
3e1649149cc21ad598648a1a734e0ca1bf040e2371266a12da64783ab3c480ed

SHA512
7ee4d54fb36201518f64f8f9077eba87838462c4498856c17bf972685b0fb736794be68283e0850d336ce78b5b3dfc76e715b7b8184b305d06303332f5bf380f

Download Submit
memory/2472-8-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2472-3-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2472-4-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2472-79-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2472-6-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2472-11-0x0000000010410000-0x0000000010475000-memory.dmp

Filesize
404KB

Download
memory/2472-15-0x0000000010480000-0x00000000104E5000-memory.dmp

Filesize
404KB

Download
memory/4564-20-0x0000000000400000-0x000000000051F000-memory.dmp

Filesize
1.1MB

Download
memory/4564-17-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/4564-16-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/4568-0-0x00000000748C2000-0x00000000748C3000-memory.dmp

Filesize
4KB

Download
memory/4568-9-0x00000000748C0000-0x0000000074E71000-memory.dmp

Filesize
5.7MB

Download
memory/4568-2-0x00000000748C0000-0x0000000074E71000-memory.dmp

Filesize
5.7MB

Download
memory/4568-1-0x00000000748C0000-0x0000000074E71000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads