darkcomet | f1d06b078b4ba01577ac77d51b5b817cf0dc5aaf1f42f9a900315d1321a7c95b

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
02/01/2025, 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Size

754KB
MD5

620745eb357249f9a22e2fd3ae78e180
SHA1

4ef382dbdc997e84abcccb4e84c1ba9f72f1a7f1
SHA256

f1d06b078b4ba01577ac77d51b5b817cf0dc5aaf1f42f9a900315d1321a7c95b
SHA512

48b65ee65dda9a3490b3c8f9ce96c5738113e856b9d680a9b214e74522cad507df6ee03ba0ee3b66476a3ba351f84c3e8c621269f4c118865dd849c7d1801588
SSDEEP

12288:WyJ5A3o8pLWg8+RTEQUHJrtrloElGDBqj/5VCGPGkHdez:vsZf8+RQpJrZldlGDBqj/jCQGkHi

Score

10^/10

darkcomet latentbot hackedjuajua discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

hackedjuajua

lolandtroll.zapto.org:1

Mutex

DC_MUTEX-5S19488

Attributes

InstallPath
MSdDCSC\msdcfsc.exe
gencode
oRQoqohwZ100
install
true
offline_keylogger
true
password
mortinato
persistence
true
reg_key
MicroUpdates

Extracted

Family

latentbot

lolandtroll.zapto.org

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
trojan latentbot
Latentbot family
latentbot

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\MSdDCSC\\msdcfsc.exe"	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe

Executes dropped EXE 2 IoCs

pid	Process
2964	msdcfsc.exe
2800	msdcfsc.exe

Loads dropped DLL 2 IoCs

pid	Process
2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdates = "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\MSdDCSC\\msdcfsc.exe"	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdates = "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\MSdDCSC\\msdcfsc.exe"	msdcfsc.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	msdcfsc.exe
File opened (read-only)	\??\O:	msdcfsc.exe
File opened (read-only)	\??\A:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\G:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\B:	msdcfsc.exe
File opened (read-only)	\??\I:	msdcfsc.exe
File opened (read-only)	\??\L:	msdcfsc.exe
File opened (read-only)	\??\A:	msdcfsc.exe
File opened (read-only)	\??\J:	msdcfsc.exe
File opened (read-only)	\??\U:	msdcfsc.exe
File opened (read-only)	\??\J:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\T:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\V:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\Y:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\Z:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\Y:	msdcfsc.exe
File opened (read-only)	\??\H:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\U:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\P:	msdcfsc.exe
File opened (read-only)	\??\Q:	msdcfsc.exe
File opened (read-only)	\??\X:	msdcfsc.exe
File opened (read-only)	\??\L:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\N:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\R:	msdcfsc.exe
File opened (read-only)	\??\K:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\S:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\S:	msdcfsc.exe
File opened (read-only)	\??\W:	msdcfsc.exe
File opened (read-only)	\??\O:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\Q:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\H:	msdcfsc.exe
File opened (read-only)	\??\K:	msdcfsc.exe
File opened (read-only)	\??\Z:	msdcfsc.exe
File opened (read-only)	\??\I:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\T:	msdcfsc.exe
File opened (read-only)	\??\V:	msdcfsc.exe
File opened (read-only)	\??\W:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\X:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\E:	msdcfsc.exe
File opened (read-only)	\??\B:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\E:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\M:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\P:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\R:	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
File opened (read-only)	\??\G:	msdcfsc.exe
File opened (read-only)	\??\M:	msdcfsc.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2380 set thread context of 2260	2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	30
PID 2964 set thread context of 2800	2964	msdcfsc.exe	32

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcfsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcfsc.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeSecurityPrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeTakeOwnershipPrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeLoadDriverPrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeSystemProfilePrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeSystemtimePrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeProfSingleProcessPrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeIncBasePriorityPrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeCreatePagefilePrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeBackupPrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeRestorePrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeShutdownPrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeDebugPrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeSystemEnvironmentPrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeChangeNotifyPrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeRemoteShutdownPrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeUndockPrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeManageVolumePrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeImpersonatePrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeCreateGlobalPrivilege	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: 33	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: 34	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: 35	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
Token: SeIncreaseQuotaPrivilege	2800	msdcfsc.exe
Token: SeSecurityPrivilege	2800	msdcfsc.exe
Token: SeTakeOwnershipPrivilege	2800	msdcfsc.exe
Token: SeLoadDriverPrivilege	2800	msdcfsc.exe
Token: SeSystemProfilePrivilege	2800	msdcfsc.exe
Token: SeSystemtimePrivilege	2800	msdcfsc.exe
Token: SeProfSingleProcessPrivilege	2800	msdcfsc.exe
Token: SeIncBasePriorityPrivilege	2800	msdcfsc.exe
Token: SeCreatePagefilePrivilege	2800	msdcfsc.exe
Token: SeBackupPrivilege	2800	msdcfsc.exe
Token: SeRestorePrivilege	2800	msdcfsc.exe
Token: SeShutdownPrivilege	2800	msdcfsc.exe
Token: SeDebugPrivilege	2800	msdcfsc.exe
Token: SeSystemEnvironmentPrivilege	2800	msdcfsc.exe
Token: SeChangeNotifyPrivilege	2800	msdcfsc.exe
Token: SeRemoteShutdownPrivilege	2800	msdcfsc.exe
Token: SeUndockPrivilege	2800	msdcfsc.exe
Token: SeManageVolumePrivilege	2800	msdcfsc.exe
Token: SeImpersonatePrivilege	2800	msdcfsc.exe
Token: SeCreateGlobalPrivilege	2800	msdcfsc.exe
Token: 33	2800	msdcfsc.exe
Token: 34	2800	msdcfsc.exe
Token: 35	2800	msdcfsc.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
2964	msdcfsc.exe
2800	msdcfsc.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2260	2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	30
PID 2380 wrote to memory of 2260	2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	30
PID 2380 wrote to memory of 2260	2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	30
PID 2380 wrote to memory of 2260	2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	30
PID 2380 wrote to memory of 2260	2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	30
PID 2380 wrote to memory of 2260	2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	30
PID 2380 wrote to memory of 2260	2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	30
PID 2380 wrote to memory of 2260	2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	30
PID 2380 wrote to memory of 2260	2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	30
PID 2380 wrote to memory of 2260	2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	30
PID 2380 wrote to memory of 2260	2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	30
PID 2380 wrote to memory of 2260	2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	30
PID 2380 wrote to memory of 2260	2380	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	30
PID 2260 wrote to memory of 2964	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	31
PID 2260 wrote to memory of 2964	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	31
PID 2260 wrote to memory of 2964	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	31
PID 2260 wrote to memory of 2964	2260	JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe	31
PID 2964 wrote to memory of 2800	2964	msdcfsc.exe	32
PID 2964 wrote to memory of 2800	2964	msdcfsc.exe	32
PID 2964 wrote to memory of 2800	2964	msdcfsc.exe	32
PID 2964 wrote to memory of 2800	2964	msdcfsc.exe	32
PID 2964 wrote to memory of 2800	2964	msdcfsc.exe	32
PID 2964 wrote to memory of 2800	2964	msdcfsc.exe	32
PID 2964 wrote to memory of 2800	2964	msdcfsc.exe	32
PID 2964 wrote to memory of 2800	2964	msdcfsc.exe	32
PID 2964 wrote to memory of 2800	2964	msdcfsc.exe	32
PID 2964 wrote to memory of 2800	2964	msdcfsc.exe	32
PID 2964 wrote to memory of 2800	2964	msdcfsc.exe	32
PID 2964 wrote to memory of 2800	2964	msdcfsc.exe	32
PID 2964 wrote to memory of 2800	2964	msdcfsc.exe	32

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe"
1⤵
- Enumerates connected drives
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe
  "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_620745eb357249f9a22e2fd3ae78e180.exe"
  2⤵
  - Modifies WinLogon for persistence
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2260
- - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSdDCSC\msdcfsc.exe
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSdDCSC\msdcfsc.exe"
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2964
  - - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSdDCSC\msdcfsc.exe
      "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSdDCSC\msdcfsc.exe"
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSdDCSC\msdcfsc.exe

Filesize
754KB

MD5
620745eb357249f9a22e2fd3ae78e180

SHA1
4ef382dbdc997e84abcccb4e84c1ba9f72f1a7f1

SHA256
f1d06b078b4ba01577ac77d51b5b817cf0dc5aaf1f42f9a900315d1321a7c95b

SHA512
48b65ee65dda9a3490b3c8f9ce96c5738113e856b9d680a9b214e74522cad507df6ee03ba0ee3b66476a3ba351f84c3e8c621269f4c118865dd849c7d1801588

Download Submit
memory/2260-8-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2260-18-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2260-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2260-11-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2260-10-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2260-9-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2260-14-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2260-7-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2260-16-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2260-17-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2260-2-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2260-4-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2260-6-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2260-15-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2260-58-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-57-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-65-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-56-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-73-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-60-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-61-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-62-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-63-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-64-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-55-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-66-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-67-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-68-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-69-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-70-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-71-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2800-72-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2964-32-0x0000000002C10000-0x0000000003704000-memory.dmp

Filesize
11.0MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads