darkcomet | 91e123c82523c2fc331266650bb55ecadad77be08673da19f24eed10236652d1

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-12-2024 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f290bcd0a10a945a27348528ae1e28b8_JaffaCakes118.exe
Size

3.5MB
MD5

f290bcd0a10a945a27348528ae1e28b8
SHA1

f431bc91f1026e3a644756f08f20769a6be52c4a
SHA256

91e123c82523c2fc331266650bb55ecadad77be08673da19f24eed10236652d1
SHA512

42de9a08423f02c94217097ee7912817ccb86614a708cb7b9936f6586240d63824c898847292312a64993b834d13e193666765f57ae218a0de1032b323dfe85e
SSDEEP

98304:u5x9gcLho+OZPR/bERxZET+0O4eMLc9mDSR9ZBD0iDb+eV:u5Mcl+TYr2The4jU9j4iDb+e

Score

10^/10

darkcomet discovery persistence rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Executes dropped EXE 4 IoCs

pid	Process
2400	Torrent.exe
268	vbc.exe
1384	HIDEIP~1.EXE
2532	HIDEIP~1.EXE

Loads dropped DLL 4 IoCs

pid	Process
2400	Torrent.exe
1384	HIDEIP~1.EXE
1384	HIDEIP~1.EXE
2532	HIDEIP~1.EXE

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	f290bcd0a10a945a27348528ae1e28b8_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\JavaUpdater = "C:\\Users\\Admin\\AppData\\Roaming\\JavaUpdater\\Torrent.exe"	Torrent.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2400 set thread context of 268	2400	Torrent.exe	29
PID 1384 set thread context of 2532	1384	HIDEIP~1.EXE	31

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HIDEIP~1.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HIDEIP~1.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Torrent.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral1/files/0x0009000000016d13-46.dat	nsis_installer_2

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
1384	HIDEIP~1.EXE

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	268	vbc.exe
Token: SeSecurityPrivilege	268	vbc.exe
Token: SeTakeOwnershipPrivilege	268	vbc.exe
Token: SeLoadDriverPrivilege	268	vbc.exe
Token: SeSystemProfilePrivilege	268	vbc.exe
Token: SeSystemtimePrivilege	268	vbc.exe
Token: SeProfSingleProcessPrivilege	268	vbc.exe
Token: SeIncBasePriorityPrivilege	268	vbc.exe
Token: SeCreatePagefilePrivilege	268	vbc.exe
Token: SeBackupPrivilege	268	vbc.exe
Token: SeRestorePrivilege	268	vbc.exe
Token: SeShutdownPrivilege	268	vbc.exe
Token: SeDebugPrivilege	268	vbc.exe
Token: SeSystemEnvironmentPrivilege	268	vbc.exe
Token: SeChangeNotifyPrivilege	268	vbc.exe
Token: SeRemoteShutdownPrivilege	268	vbc.exe
Token: SeUndockPrivilege	268	vbc.exe
Token: SeManageVolumePrivilege	268	vbc.exe
Token: SeImpersonatePrivilege	268	vbc.exe
Token: SeCreateGlobalPrivilege	268	vbc.exe
Token: 33	268	vbc.exe
Token: 34	268	vbc.exe
Token: 35	268	vbc.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
2532	HIDEIP~1.EXE
2532	HIDEIP~1.EXE
2532	HIDEIP~1.EXE
2532	HIDEIP~1.EXE
2532	HIDEIP~1.EXE
2532	HIDEIP~1.EXE

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
2532	HIDEIP~1.EXE
2532	HIDEIP~1.EXE
2532	HIDEIP~1.EXE
2532	HIDEIP~1.EXE
2532	HIDEIP~1.EXE
2532	HIDEIP~1.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
268	vbc.exe
2532	HIDEIP~1.EXE

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2400	2288	f290bcd0a10a945a27348528ae1e28b8_JaffaCakes118.exe	28
PID 2288 wrote to memory of 2400	2288	f290bcd0a10a945a27348528ae1e28b8_JaffaCakes118.exe	28
PID 2288 wrote to memory of 2400	2288	f290bcd0a10a945a27348528ae1e28b8_JaffaCakes118.exe	28
PID 2288 wrote to memory of 2400	2288	f290bcd0a10a945a27348528ae1e28b8_JaffaCakes118.exe	28
PID 2400 wrote to memory of 268	2400	Torrent.exe	29
PID 2400 wrote to memory of 268	2400	Torrent.exe	29
PID 2400 wrote to memory of 268	2400	Torrent.exe	29
PID 2400 wrote to memory of 268	2400	Torrent.exe	29
PID 2400 wrote to memory of 268	2400	Torrent.exe	29
PID 2400 wrote to memory of 268	2400	Torrent.exe	29
PID 2400 wrote to memory of 268	2400	Torrent.exe	29
PID 2400 wrote to memory of 268	2400	Torrent.exe	29
PID 2400 wrote to memory of 268	2400	Torrent.exe	29
PID 2400 wrote to memory of 268	2400	Torrent.exe	29
PID 2400 wrote to memory of 268	2400	Torrent.exe	29
PID 2400 wrote to memory of 268	2400	Torrent.exe	29
PID 2400 wrote to memory of 268	2400	Torrent.exe	29
PID 2288 wrote to memory of 1384	2288	f290bcd0a10a945a27348528ae1e28b8_JaffaCakes118.exe	30
PID 2288 wrote to memory of 1384	2288	f290bcd0a10a945a27348528ae1e28b8_JaffaCakes118.exe	30
PID 2288 wrote to memory of 1384	2288	f290bcd0a10a945a27348528ae1e28b8_JaffaCakes118.exe	30
PID 2288 wrote to memory of 1384	2288	f290bcd0a10a945a27348528ae1e28b8_JaffaCakes118.exe	30
PID 1384 wrote to memory of 2532	1384	HIDEIP~1.EXE	31
PID 1384 wrote to memory of 2532	1384	HIDEIP~1.EXE	31
PID 1384 wrote to memory of 2532	1384	HIDEIP~1.EXE	31
PID 1384 wrote to memory of 2532	1384	HIDEIP~1.EXE	31
PID 1384 wrote to memory of 2532	1384	HIDEIP~1.EXE	31
PID 1384 wrote to memory of 2532	1384	HIDEIP~1.EXE	31
PID 1384 wrote to memory of 2532	1384	HIDEIP~1.EXE	31
PID 1384 wrote to memory of 2532	1384	HIDEIP~1.EXE	31
PID 1384 wrote to memory of 2532	1384	HIDEIP~1.EXE	31
PID 1384 wrote to memory of 2532	1384	HIDEIP~1.EXE	31
PID 1384 wrote to memory of 2532	1384	HIDEIP~1.EXE	31

C:\Users\Admin\AppData\Local\Temp\f290bcd0a10a945a27348528ae1e28b8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f290bcd0a10a945a27348528ae1e28b8_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Torrent.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Torrent.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\vbc.exe
    C:\Users\Admin\AppData\Local\Temp\vbc.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:268
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HIDEIP~1.EXE
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HIDEIP~1.EXE
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:1384
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HIDEIP~1.EXE
    "C:\Program Files (x86)\HideIPEasy\HideIPEasy.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\HIDEIP~1.EXE

Filesize
5.8MB

MD5
2454037c9fc6590a3306594cce1655ad

SHA1
0f5972797fccca0f98dc5b4cf7ea88e54e4c9a0e

SHA256
a33bdb04fd028b654998db53088697f49b31bb1fa2ff9f2fc4dcb6cfa9b56316

SHA512
9d2bab08ad9b5e584ecb2d25cfb8db5af5cff3f57345923f2620738246e340f65a0bb9b09c1da0f0aa361f5d99771854a70c136001df072c3089d7c26e20f0c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hide IP Easy\Registry.rw.tvr

Filesize
4KB

MD5
ddf6bf867407ab97867b11dbf4c2bb83

SHA1
e77410dcef0e5207e329f1f2099e0d37527c0a09

SHA256
5b9193b5d3e58e6ac350c85b30b0bdd89b538986b4d9b7bf18cfc62ce14021d0

SHA512
faacfd5b741b39f281150edf4a4055174d1935b1cf2ba9c9fe17ddf8976b4fb43fc7555328a25158febc8cbc35269b65a98510ecd2e15b96b2b640c02f51c58f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hide IP Easy\Registry.rw.tvr

Filesize
4KB

MD5
4df3c9b6715b8073f5f8c324378fbdf8

SHA1
e91882c6090f37c3dcc454b5863d16fda356e770

SHA256
1231bd7d06cdb9493d62d36adcaa33acf3347de9dd8aec4946eb46ec345081e6

SHA512
5f6ced4e0bbdac5bdd8c89f5e882681f316bfd106dbf751921220a049c3bd423b26803ff58183d8d50e724b6878fa8227e6ccb4fb70da207515bf33b146776e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hide IP Easy\Registry.rw.tvr.lck

Filesize
60B

MD5
dadcbb35345af2a9121f6479f08c3238

SHA1
510272b8c917c2759ddf78f09036436f51bab2bf

SHA256
0342b8643bd244671b5014fc727fe6ddb867cc6e90b43fcbcbeda5fb5d5b4497

SHA512
4570aeb193a09aab486adcf02c908955a4ac84246b4aed7935e0532254bba512ae17a3990154acb3fd760883acb6fd473d4cbe1bd20b0380c76246fd36547fd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hide IP Easy\Registry.tlog

Filesize
15KB

MD5
05b7f1f134bcbc6519238871a53b7eb2

SHA1
82bdd8c1ab2569ddfa72db125a242156d1cf175e

SHA256
12060013442d9e86f4a5bb0f5b826ccf537bb1021743b963c92c37277f12629f

SHA512
bb8ac735650594ef8c580841cfe624e331e7954c6ad4d9c512e155b0b6094bfd800cb1afadf5129eb392243baf4fba00f72fb0266cc8a84e2b4b94e4f6895d5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Torrent.exe

Filesize
1.1MB

MD5
8d84aad1f2b00ffa9ed94178e194d9aa

SHA1
915a64bd561f1a153dcc84922fc61677407fa858

SHA256
7ef1439999d378f1f20eb5b9c4cf69f21be55465f2820138650e356d1b3c0aae

SHA512
87eba540440a81e4ff2ce9ebdb550cdfc25c1db696242caec4b1089f0cae4c5df2e9c606f140d3b9d945fc7c0ae085c512b0e1565c6d726e8325e2aeb9831e82

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\Hide IP Easy\SKEL\9f6cfc4add1cd43f43da5b6a60035e6bb31fea7d.Tls

Filesize
376B

MD5
1534b437a832d71674b63cd3319f0784

SHA1
9f6cfc4add1cd43f43da5b6a60035e6bb31fea7d

SHA256
a350561d6fb500531fb34e8d26af6e61c5d8d1e409eb28ed3bbbbe917655c228

SHA512
5a12439ad51b1795b55efa503779da33dfeddd2fc4235fd9c4a5cae13ffc8789b0377f02a9bb6a1c0532f1fbf653dff36d7a38703d8ee4061d57f66aec42bef3

Download Submit
\Users\Admin\AppData\Local\Temp\vbc.exe

Filesize
1.1MB

MD5
34aa912defa18c2c129f1e09d75c1d7e

SHA1
9c3046324657505a30ecd9b1fdb46c05bde7d470

SHA256
6df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386

SHA512
d1ea9368f5d7166180612fd763c87afb647d088498887961f5e7fb0a10f4a808bd5928e8a3666d70ff794093c51ecca8816f75dd47652fd4eb23dce7f9aa1f98

Download Submit
memory/268-22-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-36-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-24-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-23-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-28-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-21-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-17-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-19-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-167-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-26-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-38-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-41-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-40-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-39-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-37-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-30-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/268-32-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/268-34-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download
memory/1384-54-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-59-0x0000000000330000-0x000000000033C000-memory.dmp

Filesize
48KB

Download
memory/1384-49-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-50-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-51-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-55-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-52-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-53-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-68-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-69-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-47-0x0000000079BF0000-0x0000000079C0A000-memory.dmp

Filesize
104KB

Download
memory/1384-140-0x0000000002240000-0x000000000225A000-memory.dmp

Filesize
104KB

Download
memory/1384-139-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/1384-138-0x000000007EFA0000-0x000000007EFB0000-memory.dmp

Filesize
64KB

Download
memory/1384-137-0x0000000077B60000-0x0000000077B61000-memory.dmp

Filesize
4KB

Download
memory/1384-136-0x0000000077B5F000-0x0000000077B60000-memory.dmp

Filesize
4KB

Download
memory/1384-74-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-71-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-70-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-67-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-62-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-61-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-60-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-57-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-56-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-80-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/1384-58-0x0000000001C40000-0x0000000001DC8000-memory.dmp

Filesize
1.5MB

Download
memory/2400-35-0x0000000074C80000-0x000000007522B000-memory.dmp

Filesize
5.7MB

Download
memory/2400-8-0x0000000074C81000-0x0000000074C82000-memory.dmp

Filesize
4KB

Download
memory/2400-9-0x0000000074C80000-0x000000007522B000-memory.dmp

Filesize
5.7MB

Download
memory/2400-10-0x0000000074C80000-0x000000007522B000-memory.dmp

Filesize
5.7MB

Download
memory/2532-142-0x0000000002080000-0x0000000002208000-memory.dmp

Filesize
1.5MB

Download
memory/2532-146-0x0000000002080000-0x0000000002208000-memory.dmp

Filesize
1.5MB

Download
memory/2532-130-0x0000000002080000-0x0000000002208000-memory.dmp

Filesize
1.5MB

Download
memory/2532-129-0x0000000002080000-0x0000000002208000-memory.dmp

Filesize
1.5MB

Download
memory/2532-128-0x0000000002080000-0x0000000002208000-memory.dmp

Filesize
1.5MB

Download
memory/2532-127-0x0000000002080000-0x0000000002208000-memory.dmp

Filesize
1.5MB

Download
memory/2532-135-0x0000000002080000-0x0000000002208000-memory.dmp

Filesize
1.5MB

Download
memory/2532-144-0x0000000002080000-0x0000000002208000-memory.dmp

Filesize
1.5MB

Download
memory/2532-145-0x0000000002080000-0x0000000002208000-memory.dmp

Filesize
1.5MB

Download
memory/2532-131-0x0000000002080000-0x0000000002208000-memory.dmp

Filesize
1.5MB

Download
memory/2532-164-0x0000000077B5F000-0x0000000077B60000-memory.dmp

Filesize
4KB

Download
memory/2532-165-0x0000000077B60000-0x0000000077B61000-memory.dmp

Filesize
4KB

Download
memory/2532-166-0x000000007EFA0000-0x000000007EFB0000-memory.dmp

Filesize
64KB

Download
memory/2532-132-0x0000000002080000-0x0000000002208000-memory.dmp

Filesize
1.5MB

Download
memory/2532-133-0x0000000002080000-0x0000000002208000-memory.dmp

Filesize
1.5MB

Download
memory/2532-328-0x000000007EFA0000-0x000000007EFB0000-memory.dmp

Filesize
64KB

Download
memory/2532-134-0x0000000002080000-0x0000000002208000-memory.dmp

Filesize
1.5MB

Download
memory/2532-141-0x0000000079BF0000-0x0000000079C0A000-memory.dmp

Filesize
104KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads