56fbad2c9567b7efbc53b2684e5c3f18d914404227255efe9cb5c938df92d3d1

Analysis

max time kernel
147s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
09/09/2024, 08:49 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ทางรัฐ_2024-09-09.apk
Size

12.2MB
MD5

55c730ee53c5219d5560f0458f597b0c
SHA1

0502f8da6cdb72e4219d1419283822770e2f5dcb
SHA256

b7f463544f358f027da0fdb27632d8f6a693bb6dc1eebd452267573a675d3e2d
SHA512

3ee2fa06955d55b2689a25c5925efd87749db328c9330d90dcd99d51cbc6b5e7f46ea1969c065572a3aa0d44a08e830a71dbfeb5f355428f1ba2c645ab6b8ab1
SSDEEP

196608:RjnYPwZmu4xX7EJIHWC3+oGxLVnu/6EL5ko1iF+EiCOGBvE2XHU7gGt6BZXKE:RmrxX7EuHWsTmRny6ELT1/1UvdWgnXn

Score

7^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.easy.rometelchnology

Queries account information for other applications stored on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect account information stored on the device.

collection

Stored Application Data

T1409

description	ioc	Process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.easy.rometelchnology
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.easy.rometelchnology:main
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.easy.rometelchnology:s1

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.easy.rometelchnology
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.easy.rometelchnology:main
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.easy.rometelchnology:s1

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.easy.rometelchnology

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.easy.rometelchnology

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.easy.rometelchnology

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.easy.rometelchnology

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.easy.rometelchnology:main
Framework service call	android.app.job.IJobScheduler.schedule	com.easy.rometelchnology

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.easy.rometelchnology
Framework API call	javax.crypto.Cipher.doFinal	com.easy.rometelchnology:main
Framework API call	javax.crypto.Cipher.doFinal	com.easy.rometelchnology:s1

com.easy.rometelchnology
1⤵
- Makes use of the framework's Accessibility service
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4258
- getprop ro.build.display.id
  2⤵
  PID:4641
- getprop ro.build.display.id
  2⤵
  PID:4747
- getprop ro.build.display.id
  2⤵
  PID:4783
- getprop ro.build.display.id
  2⤵
  PID:4813
- getprop ro.build.display.id
  2⤵
  PID:4837
- getprop ro.build.display.id
  2⤵
  PID:4880
- getprop ro.build.display.id
  2⤵
  PID:4938
- getprop ro.build.display.id
  2⤵
  PID:4964
- getprop ro.build.display.id
  2⤵
  PID:5013
- getprop ro.build.display.id
  2⤵
  PID:5038
- getprop ro.build.display.id
  2⤵
  PID:5060
- getprop ro.build.display.id
  2⤵
  PID:5105
- getprop ro.build.display.id
  2⤵
  PID:5136
- getprop ro.build.display.id
  2⤵
  PID:5161
- getprop ro.build.display.id
  2⤵
  PID:5208
- getprop ro.build.display.id
  2⤵
  PID:5238
- getprop ro.build.display.id
  2⤵
  PID:5260
- getprop ro.build.display.id
  2⤵
  PID:5299
- getprop ro.build.display.id
  2⤵
  PID:5336
- getprop ro.build.display.id
  2⤵
  PID:5355
- getprop ro.build.display.id
  2⤵
  PID:5403
- getprop ro.build.display.id
  2⤵
  PID:5437
- getprop ro.build.display.id
  2⤵
  PID:5459
- getprop ro.build.display.id
  2⤵
  PID:5499
- getprop ro.build.display.id
  2⤵
  PID:5534
- getprop ro.build.display.id
  2⤵
  PID:5552
- getprop ro.build.display.id
  2⤵
  PID:5598
- getprop ro.build.display.id
  2⤵
  PID:5637
- getprop ro.build.display.id
  2⤵
  PID:5662

com.easy.rometelchnology:main
1⤵
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4383

com.easy.rometelchnology:s1
1⤵
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
PID:4421

Network

DNS

www.baidu.com

Remote address:

1.1.1.1:53

Request

www.baidu.com

IN A

Response

www.baidu.com

IN CNAME

www.a.shifen.com

www.a.shifen.com

IN CNAME

www.wshifen.com

www.wshifen.com

IN A

103.235.46.96

www.wshifen.com

IN A

103.235.47.188
GET

http://www.baidu.com/

Remote address:

103.235.46.96:80

Request

GET / HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: www.baidu.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Content-Encoding: gzip
Content-Length: 1108
Content-Type: text/html
Server: bfe
Date: Tue, 10 Sep 2024 09:21:36 GMT
DNS

www.baidu.com

Remote address:

1.1.1.1:53

Request

www.baidu.com

IN A

Response

www.baidu.com

IN CNAME

www.a.shifen.com

www.a.shifen.com

IN CNAME

www.wshifen.com

www.wshifen.com

IN A

103.235.47.188

www.wshifen.com

IN A

103.235.46.96
GET

http://www.baidu.com/

Remote address:

103.235.47.188:80

Request

GET / HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: www.baidu.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Content-Encoding: gzip
Content-Length: 1108
Content-Type: text/html
Server: bfe
Date: Tue, 10 Sep 2024 09:21:38 GMT
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.169.14
GET

http://www.baidu.com/

Remote address:

103.235.47.188:80

Request

GET / HTTP/1.1
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: www.baidu.com
Connection: Keep-Alive
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK

Content-Encoding: gzip
Content-Length: 1108
Content-Type: text/html
Server: bfe
Date: Tue, 10 Sep 2024 09:21:38 GMT
DNS

rpc.dzky3.xyz

Remote address:

1.1.1.1:53

Request

rpc.dzky3.xyz

IN A

Response

rpc.dzky3.xyz

IN A

104.21.90.231

rpc.dzky3.xyz

IN A

172.67.162.55
POST

https://rpc.dzky3.xyz/x/command-report?state=0&ty=0

Remote address:

104.21.90.231:443

Request

POST /x/command-report?state=0&ty=0 HTTP/2.0
host: rpc.dzky3.xyz
version: 08310554-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 55
accept-encoding: gzip
user-agent: okhttp/4.11.0

Response

HTTP/2.0 200

date: Tue, 10 Sep 2024 09:22:46 GMT
content-type: application/json; charset=UTF-8
content-length: 185
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: R4YzKCtNxj1D6lzSps3H3HV5fDsGz9HH
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nfnUZC0NnlhNwKtgUeXDXysFEIS4EkM7aIy%2F6qlkopIz7QifUlVSYXXF%2B02B99cj53vn14CX43w8IOLPvVeghzQVbDLunNtgnDHg2Pt99A7Qu4fOBHKAKTSTgJ2GcEWX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c0e5afd194979b6-LHR
alt-svc: h3=":443"; ma=86400
POST

https://rpc.dzky3.xyz/x/command-report?state=0&ty=3

Remote address:

104.21.90.231:443

Request

POST /x/command-report?state=0&ty=3 HTTP/2.0
host: rpc.dzky3.xyz
version: 08310554-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 55
accept-encoding: gzip
user-agent: okhttp/4.11.0

Response

HTTP/2.0 200

date: Tue, 10 Sep 2024 09:22:46 GMT
content-type: application/json; charset=UTF-8
content-length: 185
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: TXXEzwcrcmw3uzmrBC1Ou2twcLm6vXPm
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ph%2FqE1bur2f7yAPMMtLpw%2FH5ZtmT1OO2FUDzuyCEs9CM%2BWbw%2FLJEWuceI%2FBgd6GdcssQKV%2FfYuJoRfDAWKUAk%2FltifkLCPWS4SH0V11nsGIn2GI7B4nEs8ilx2XnvfRb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c0e5afd194779b6-LHR
alt-svc: h3=":443"; ma=86400
POST

https://rpc.dzky3.xyz/x/command-report?state=0&ty=3

Remote address:

104.21.90.231:443

Request

POST /x/command-report?state=0&ty=3 HTTP/2.0
host: rpc.dzky3.xyz
version: 08310554-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 55
accept-encoding: gzip
user-agent: okhttp/4.11.0

Response

HTTP/2.0 200

date: Tue, 10 Sep 2024 09:23:16 GMT
content-type: application/json; charset=UTF-8
content-length: 185
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: qjqm5pPJ4VlWY1dDoTLvUSr0NkvJwO2Z
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AWifFNSNkXxhpaU3thD4HpSsxqGwhkWzFUfI8FVvW4Wom8rhGG5mcJLH845sS0fTFBAa%2FxkFJuwGdcX8kCEuGyOUh1YcynAswB95W3k6iBAsJox3PiU8okWW3%2BCONpLM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c0e5bb7ab3f79b6-LHR
alt-svc: h3=":443"; ma=86400
POST

https://rpc.dzky3.xyz/x/command-report?state=0&ty=0

Remote address:

104.21.90.231:443

Request

POST /x/command-report?state=0&ty=0 HTTP/2.0
host: rpc.dzky3.xyz
version: 08310554-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 55
accept-encoding: gzip
user-agent: okhttp/4.11.0

Response

HTTP/2.0 200

date: Tue, 10 Sep 2024 09:23:16 GMT
content-type: application/json; charset=UTF-8
content-length: 185
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: Jw5eeyhcUdSTJ37oSNplmwqyDc0O5GhU
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BLZkvyN4vxahMlTL6aRVkaQTJyKSLfbHd0%2FwAZNKHeE1jGCz034cpH2BH6qhG5xQeAl%2BXlXWsa3ZmXVZ8myn6fmXBugPqOPIFeU9CXLh5g%2BxlA4fa0qnv9k39Rney0aY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c0e5bb7ab4179b6-LHR
alt-svc: h3=":443"; ma=86400
POST

https://rpc.dzky3.xyz/x/command-report?state=0&ty=0

Remote address:

104.21.90.231:443

Request

POST /x/command-report?state=0&ty=0 HTTP/2.0
host: rpc.dzky3.xyz
version: 08310554-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 55
accept-encoding: gzip
user-agent: okhttp/4.11.0

Response

HTTP/2.0 200

date: Tue, 10 Sep 2024 09:23:46 GMT
content-type: application/json; charset=UTF-8
content-length: 185
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: sxdJo1AgGXNjRKGI24zo7D6CphhKZ5s0
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E9%2BmvFp3t790KFTRBL7eRoLlA35S6Uuz50AqrCzGLUcieIcs9AmhOxW6H5ohUsbyDsAJzQj%2BoGXsqmmok6L2qpE3bCCcyo25Uv9mfmzXAkSULX%2B8F8O8ahvLfOIT%2BVot"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c0e5c732b7b79b6-LHR
alt-svc: h3=":443"; ma=86400
POST

https://rpc.dzky3.xyz/x/command-report?state=0&ty=3

Remote address:

104.21.90.231:443

Request

POST /x/command-report?state=0&ty=3 HTTP/2.0
host: rpc.dzky3.xyz
version: 08310554-Rebuild
type: encryption
content-type: application/json; charset=UTF-8
content-length: 55
accept-encoding: gzip
user-agent: okhttp/4.11.0

Response

HTTP/2.0 200

date: Tue, 10 Sep 2024 09:23:46 GMT
content-type: application/json; charset=UTF-8
content-length: 185
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: 0tzhwOBdSy1iv8gRBscADhWfZmNhOpi7
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZS%2FULDwtXtEK4ByidotPwc9DC5nWe0wqLyjjM84UNmvxLzKviwNb%2BDfnj36G0c7xcI1zxMAPsnkh8nGabGBApfi%2BoRTTqywEDDsFmUYyg0XCeDNIGZRUCUsyUScqvBZn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c0e5c735bad79b6-LHR
alt-svc: h3=":443"; ma=86400

103.235.46.96:80

www.baidu.com

100 B
60 B
2
1
103.235.46.96:80

http://www.baidu.com/

http

741 B
3.1kB
13
12

HTTP Request

GET http://www.baidu.com/

HTTP Response

200
103.235.47.188:80

http://www.baidu.com/

http

701 B
3.6kB
12
12

HTTP Request

GET http://www.baidu.com/

HTTP Response

200
142.250.200.46:443

tls, https

915 B
40 B
1
1
142.250.200.46:443

tls, https

915 B
40 B
1
1
172.217.169.14:443

android.apis.google.com

tls

7.5kB
4.8kB
23
20
103.235.47.188:80

http://www.baidu.com/

http

649 B
3.5kB
11
10

HTTP Request

GET http://www.baidu.com/

HTTP Response

200
104.21.90.231:443

https://rpc.dzky3.xyz/x/command-report?state=0&ty=3

tls, http2

2.2kB
8.5kB
17
27

HTTP Request

POST https://rpc.dzky3.xyz/x/command-report?state=0&ty=0

HTTP Request

POST https://rpc.dzky3.xyz/x/command-report?state=0&ty=3

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://rpc.dzky3.xyz/x/command-report?state=0&ty=3

HTTP Request

POST https://rpc.dzky3.xyz/x/command-report?state=0&ty=0

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://rpc.dzky3.xyz/x/command-report?state=0&ty=0

HTTP Request

POST https://rpc.dzky3.xyz/x/command-report?state=0&ty=3

HTTP Response

200

HTTP Response

200
104.21.90.231:443

rpc.dzky3.xyz

tls, http2

850 B
3.8kB
9
8
142.250.178.3:80

364 B
7
216.58.212.228:443

tls

602 B
8
172.217.16.226:443

tls

270 B
40 B
4
1

224.0.0.251:5353

3.9kB
13
1.1.1.1:53

www.baidu.com

dns

59 B
144 B
1
1

DNS Request

www.baidu.com

DNS Response

103.235.46.96

103.235.47.188
1.1.1.1:53

www.baidu.com

dns

59 B
144 B
1
1

DNS Request

www.baidu.com

DNS Response

103.235.47.188

103.235.46.96
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

172.217.169.14
1.1.1.1:53

rpc.dzky3.xyz

dns

59 B
91 B
1
1

DNS Request

rpc.dzky3.xyz

DNS Response

104.21.90.231

172.67.162.55

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Process Discovery

T1424

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.easy.rometelchnology/no_backup/androidx.work.workdb

Filesize
100KB

MD5
a2179c8debce645c981077c5e4cd67fb

SHA1
b31007df495fc8c52da1fb95927466e7ee1c0eba

SHA256
2ea94cdf54af77d021ef6571f1a537bf606db597df335d578868d731c9eac628

SHA512
b6893448013506cad29a1094c5983e55d46516fdeb595844e1f10a38b7ffa68ae935496173911295943be74866e0423adc189b00930757bd955c6c43924bb93e

Download Submit
/data/data/com.easy.rometelchnology/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.easy.rometelchnology/no_backup/androidx.work.workdb-wal

Filesize
402KB

MD5
df57e6abf5eed7a0513f0ea649e6ed29

SHA1
da01d679b4bea58272924306f0ffb849d4aa2ca0

SHA256
925ce6c2be949e6fd07d2620fc6c5c0cb8c61b606fa8bfb5330b37a877e1ff45

SHA512
1a1ece371a5e6f19376b09d0b97252d7223a0082f94ef817349ed363d81ec229faafbedc6bb3a67fe8589ed6521799e5cb7be2bdd8c576baf05116fa40afa87f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.