a424ecaea26cb2393afaafe05ca451ed818806de04fcd398ea99037a5de85bcd

General

Target

f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe
Size

795KB
MD5

f4e56e9d5dc66cc15930abbdca5c8c8b
SHA1

aa00952206545af5bd8d0890bf0c7802c08c830a
SHA256

a424ecaea26cb2393afaafe05ca451ed818806de04fcd398ea99037a5de85bcd
SHA512

8f6c245daae860262d2326c37b8ff524faecf8330bcd784fc55e9af06be5151504dfb52510e3e71054acc008b819f9107a0f124609a74726c77bbefeacb66530
SSDEEP

24576:9Mw6ce/U26Cb5KaXKseD0nye08WIcshV/8+v:BI/U26CNZX9ektDhK+v

Score

8^/10

discovery evasion persistence trojan

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
1892	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe

Loads dropped DLL 5 IoCs

pid	Process
2092	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe
2092	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe
2092	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe
1892	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe
1892	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\Run\Norton Download Manager{NIS19113-SHPD-FSD21017} = "C:\\Users\\Public\\Downloads\\Norton\\{NIS19113-SHPD-FSD21017}\\f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe /m"	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\Run\Norton Download Manager{NIS19113-SHPD-FSD21017} = "C:\\Users\\Public\\Downloads\\Norton\\{NIS19113-SHPD-FSD21017}\\f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe /m"	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1892	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1892	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 1892	2092	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe	30
PID 2092 wrote to memory of 1892	2092	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe	30
PID 2092 wrote to memory of 1892	2092	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe	30
PID 2092 wrote to memory of 1892	2092	f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Public\Downloads\Norton\{NIS19113-SHPD-FSD21017}\f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe
  C:\Users\Public\Downloads\Norton\{NIS19113-SHPD-FSD21017}\f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe /r
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

2

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat

Filesize
2KB

MD5
ff303f12f10741efaf7bb364a08abdc2

SHA1
b17e3760635ccba8d515bd80e48bc594d4c5b538

SHA256
7cd6dad7195f35bd2cbc1a0a303a50913bbbef626bcb954017d15ccc40e1e4e2

SHA512
4f763ec17d7d247d0358f36bbe736a3d2a78b73b63a08a8aae5fe397a1efd3b688d4d2e9df82e2b158de6188ddd8a9988bb06b0bff6357f71ae5f2de44f49f19

Download Submit
C:\ProgramData\Norton\FSDUI-2024-09-25-01h41m55s.log

Filesize
1KB

MD5
0f9248f27d7185f965658d0488f0b36b

SHA1
0790f7f0c6c2c3ee7c3e385e1743fbad9373ba64

SHA256
65903b9568b175ebb0d01a66cf5bd204f92b1f1f53e2b213fb255001cabbff50

SHA512
4fcd747369b3aac1f7e00b2848f2a0042230cc6f57678aed4f42a3a9bcf95c04c0ff9a591c9f9a3ae2f01975b5cea33adc439ad83d5190150673ef54c33f4194

Download Submit
C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI

Filesize
157B

MD5
d4d20ff047f8c30e33639087e6eb6e59

SHA1
60cd8c86841100dbb458c8264294fcde821c18da

SHA256
3e86bf4df9585a7e8d64bb50bf22e26e319fd0fec56eed65f8a8da442b4c4b48

SHA512
bcc7f9cd48f1ec32ac4c693a79f85bced68acc153e8d700d30b28785245044677209d18e20fd2cf22723a28aa8a20b258b07908c7d8b464442d6ed98a9d9fbc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7207.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1846800975-3917212583-2893086201-1000\4bd07e1ba952c6aa9bf83a8d98c08949_f9da27c9-c625-43c3-9b3a-b1344b01e128

Filesize
54B

MD5
9499c2f308410e48386f58ca7afccd2e

SHA1
e2ef9dec757aec938d801dd720fddc0c387da7af

SHA256
87e4fc1f82d5a89c7f10ca58cf5de66d184cc3ce02954a13ade3100414a3bc97

SHA512
ff68637e2b3b62cf6ca812bf4d067606edacb353825628048396c45e9be8ca7725c93787b8bcf82e610cf795f69a52b20d4ac48ade5405b114643af6515cf457

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton\Norton Download Manager.lnk

Filesize
1KB

MD5
506047201ff93a586b82f64cebb554d4

SHA1
3a1eec32e2990a545e874218b023f41bf5e27486

SHA256
36412d04a431e056e3f2ac061e426cbd656c25d6de4afabe9bab8140a8ccc4f4

SHA512
f673bb6bcd244a06ca11c30b7afd336beb321ac6530e5cea36051e440bbc99e728fa89b5d7ac522fb39439ebcf0dca867bc8582d58197baff03504012120d8c1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton\Norton Installation Files.lnk

Filesize
1KB

MD5
d0e044fa81b462c0b35f5351ef21c2b9

SHA1
c091216f17d5cbeb2d2bfae58f3334cf731c97de

SHA256
30387e46cf993f23c569c3f5004a357cfd82baf6e44f6e508e0f7e91fd9307c4

SHA512
c49d40949efabb10b2a03cfa9b103c0f7b60ebbc25504b8ad6453dbc557ba0fd2da8178a0fd30b96490d7acb99953c93915ddb53046eabdb5da12351955947a7

Download Submit
C:\Users\Public\Downloads\Norton\{NIS19113-SHPD-FSD21017}\f4e56e9d5dc66cc15930abbdca5c8c8b_JaffaCakes118.exe

Filesize
795KB

MD5
f4e56e9d5dc66cc15930abbdca5c8c8b

SHA1
aa00952206545af5bd8d0890bf0c7802c08c830a

SHA256
a424ecaea26cb2393afaafe05ca451ed818806de04fcd398ea99037a5de85bcd

SHA512
8f6c245daae860262d2326c37b8ff524faecf8330bcd784fc55e9af06be5151504dfb52510e3e71054acc008b819f9107a0f124609a74726c77bbefeacb66530

Download Submit
memory/1892-60-0x0000000000400000-0x000000000067B000-memory.dmp

Filesize
2.5MB

Download
memory/1892-28-0x0000000000400000-0x000000000067B000-memory.dmp

Filesize
2.5MB

Download
memory/1892-38-0x0000000000760000-0x0000000000770000-memory.dmp

Filesize
64KB

Download
memory/1892-93-0x0000000000400000-0x000000000067B000-memory.dmp

Filesize
2.5MB

Download
memory/1892-48-0x0000000000760000-0x0000000000770000-memory.dmp

Filesize
64KB

Download
memory/1892-69-0x0000000000760000-0x0000000000770000-memory.dmp

Filesize
64KB

Download
memory/1892-61-0x0000000000400000-0x000000000067B000-memory.dmp

Filesize
2.5MB

Download
memory/1892-29-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download
memory/1892-59-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download
memory/2092-21-0x0000000001FD0000-0x0000000001FE0000-memory.dmp

Filesize
64KB

Download
memory/2092-1-0x00000000003B0000-0x00000000003B2000-memory.dmp

Filesize
8KB

Download
memory/2092-32-0x0000000000400000-0x000000000067B000-memory.dmp

Filesize
2.5MB

Download
memory/2092-0-0x0000000000400000-0x000000000067B000-memory.dmp

Filesize
2.5MB

Download
memory/2092-25-0x0000000001FD0000-0x0000000001FE0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads