gh0strat | 99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/01/2025, 12:35 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe
Size

1.2MB
MD5

b9900203ea07d684fce8d25eb20b82b6
SHA1

1bd469299ad133dda4f14e47f6d32df42e969712
SHA256

99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa
SHA512

b55d9a8e9f632445332e9ac2f609598cbe47f80b52d2b36f04154d266b11d6221195135beab6bf4042d8a53861dbfb6f7db366a1208c744749854a86005d7cbb
SSDEEP

24576:/i2Tro2H2HESq2eWJ6MQjySjy9r3VG+DR9P5FUvnGVffrMLC15wvnPdsqQ4+:/xTc2H2tFvduyScrrR56GBILCgvhk

Score

10^/10

gh0strat purplefox discovery persistence rat rootkit trojan upx

Malware Config

Signatures

Detect PurpleFox Rootkit 6 IoCs

Detect PurpleFox Rootkit.

rootkit

resource	yara_rule
behavioral1/memory/1264-13-0x0000000010000000-0x00000000101B6000-memory.dmp	purplefox_rootkit
behavioral1/memory/1264-19-0x0000000010000000-0x00000000101B6000-memory.dmp	purplefox_rootkit
behavioral1/memory/1264-42-0x0000000010000000-0x00000000101B6000-memory.dmp	purplefox_rootkit
behavioral1/memory/2684-50-0x0000000010000000-0x00000000101B6000-memory.dmp	purplefox_rootkit
behavioral1/memory/2684-54-0x0000000010000000-0x00000000101B6000-memory.dmp	purplefox_rootkit
behavioral1/memory/2684-55-0x0000000010000000-0x00000000101B6000-memory.dmp	purplefox_rootkit

Gh0st RAT payload 6 IoCs

resource	yara_rule
behavioral1/memory/1264-13-0x0000000010000000-0x00000000101B6000-memory.dmp	family_gh0strat
behavioral1/memory/1264-19-0x0000000010000000-0x00000000101B6000-memory.dmp	family_gh0strat
behavioral1/memory/1264-42-0x0000000010000000-0x00000000101B6000-memory.dmp	family_gh0strat
behavioral1/memory/2684-50-0x0000000010000000-0x00000000101B6000-memory.dmp	family_gh0strat
behavioral1/memory/2684-54-0x0000000010000000-0x00000000101B6000-memory.dmp	family_gh0strat
behavioral1/memory/2684-55-0x0000000010000000-0x00000000101B6000-memory.dmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat
Gh0strat family
gh0strat
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
rootkit trojan purplefox
Purplefox family
purplefox

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\drivers\QAssist.sys	TXPlatforn.exe

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QAssist\ImagePath = "system32\\DRIVERS\\QAssist.sys"	TXPlatforn.exe

Executes dropped EXE 5 IoCs

pid	Process
1264	RVN.exe
1148	HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe
2408	HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.tmp
2000	TXPlatforn.exe
2684	TXPlatforn.exe

Loads dropped DLL 6 IoCs

pid	Process
2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe
2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe
1148	HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe
2408	HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.tmp
2408	HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.tmp
2000	TXPlatforn.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\TXPlatforn.exe	RVN.exe
File opened for modification	C:\Windows\SysWOW64\TXPlatforn.exe	RVN.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1264-11-0x0000000010000000-0x00000000101B6000-memory.dmp	upx
behavioral1/memory/1264-13-0x0000000010000000-0x00000000101B6000-memory.dmp	upx
behavioral1/memory/1264-19-0x0000000010000000-0x00000000101B6000-memory.dmp	upx
behavioral1/memory/1264-42-0x0000000010000000-0x00000000101B6000-memory.dmp	upx
behavioral1/memory/2684-50-0x0000000010000000-0x00000000101B6000-memory.dmp	upx
behavioral1/memory/2684-54-0x0000000010000000-0x00000000101B6000-memory.dmp	upx
behavioral1/memory/2684-55-0x0000000010000000-0x00000000101B6000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RVN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TXPlatforn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2676	cmd.exe
2720	PING.EXE

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2720	PING.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
2684	TXPlatforn.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	1264	RVN.exe
Token: SeLoadDriverPrivilege	2684	TXPlatforn.exe
Token: 33	2684	TXPlatforn.exe
Token: SeIncBasePriorityPrivilege	2684	TXPlatforn.exe
Token: 33	2684	TXPlatforn.exe
Token: SeIncBasePriorityPrivilege	2684	TXPlatforn.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 1264	2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	31
PID 2456 wrote to memory of 1264	2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	31
PID 2456 wrote to memory of 1264	2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	31
PID 2456 wrote to memory of 1264	2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	31
PID 2456 wrote to memory of 1264	2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	31
PID 2456 wrote to memory of 1264	2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	31
PID 2456 wrote to memory of 1264	2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	31
PID 2456 wrote to memory of 1148	2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	32
PID 2456 wrote to memory of 1148	2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	32
PID 2456 wrote to memory of 1148	2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	32
PID 2456 wrote to memory of 1148	2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	32
PID 2456 wrote to memory of 1148	2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	32
PID 2456 wrote to memory of 1148	2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	32
PID 2456 wrote to memory of 1148	2456	99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	32
PID 1148 wrote to memory of 2408	1148	HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	33
PID 1148 wrote to memory of 2408	1148	HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	33
PID 1148 wrote to memory of 2408	1148	HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	33
PID 1148 wrote to memory of 2408	1148	HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	33
PID 1148 wrote to memory of 2408	1148	HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	33
PID 1148 wrote to memory of 2408	1148	HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	33
PID 1148 wrote to memory of 2408	1148	HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe	33
PID 1264 wrote to memory of 2676	1264	RVN.exe	35
PID 1264 wrote to memory of 2676	1264	RVN.exe	35
PID 1264 wrote to memory of 2676	1264	RVN.exe	35
PID 1264 wrote to memory of 2676	1264	RVN.exe	35
PID 2000 wrote to memory of 2684	2000	TXPlatforn.exe	37
PID 2000 wrote to memory of 2684	2000	TXPlatforn.exe	37
PID 2000 wrote to memory of 2684	2000	TXPlatforn.exe	37
PID 2000 wrote to memory of 2684	2000	TXPlatforn.exe	37
PID 2000 wrote to memory of 2684	2000	TXPlatforn.exe	37
PID 2000 wrote to memory of 2684	2000	TXPlatforn.exe	37
PID 2000 wrote to memory of 2684	2000	TXPlatforn.exe	37
PID 2676 wrote to memory of 2720	2676	cmd.exe	38
PID 2676 wrote to memory of 2720	2676	cmd.exe	38
PID 2676 wrote to memory of 2720	2676	cmd.exe	38
PID 2676 wrote to memory of 2720	2676	cmd.exe	38

C:\Users\Admin\AppData\Local\Temp\99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe
"C:\Users\Admin\AppData\Local\Temp\99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Users\Admin\AppData\Local\Temp\RVN.exe
  C:\Users\Admin\AppData\Local\Temp\\RVN.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1264
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\RVN.exe > nul
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Windows\SysWOW64\PING.EXE
      ping -n 2 127.0.0.1
      4⤵
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:2720
- C:\Users\Admin\AppData\Local\Temp\HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe
  C:\Users\Admin\AppData\Local\Temp\HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1148
- - C:\Users\Admin\AppData\Local\Temp\is-1JPH7.tmp\HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-1JPH7.tmp\HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.tmp" /SL5="$4010A,379430,54272,C:\Users\Admin\AppData\Local\Temp\HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2408

C:\Windows\SysWOW64\TXPlatforn.exe
C:\Windows\SysWOW64\TXPlatforn.exe -auto
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\TXPlatforn.exe
  C:\Windows\SysWOW64\TXPlatforn.exe -acsi
  2⤵
  - Drops file in Drivers directory
  - Sets service image path in registry
  - Executes dropped EXE
  - Suspicious behavior: LoadsDriver
  - Suspicious use of AdjustPrivilegeToken
  PID:2684

Network

DNS

hackerinvasion.f3322.net

TXPlatforn.exe

Remote address:

8.8.8.8:53

Request

hackerinvasion.f3322.net

IN A

Response

No results found

8.8.8.8:53

hackerinvasion.f3322.net

dns

TXPlatforn.exe

70 B
131 B
1
1

DNS Request

hackerinvasion.f3322.net

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\HD_X.dat

Filesize
568KB

MD5
9228d162b87f8a96855b2a33f8cf88a3

SHA1
b9c08e84aaf15a96f0a279972f1bacb756badde3

SHA256
b7c23636179ba5a14ceaa53f5307efb3e5c8ff88be1b7a68c84118b7fdb4aabf

SHA512
4a41e9e1f4310bb3ea0eab2e9336f01f35713aded8fc74a17a23b57fdb67d1f0030c5b88363768057a9b2370c2d7da5f91489479e3a2ee6a9a1ecc6fc4421fe3

Download Submit
\Users\Admin\AppData\Local\Temp\HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.exe

Filesize
626KB

MD5
f07f17326600b802da09c71342cb6d69

SHA1
ebcc4d8bcf020c9ea9b8d164e183ccfb947f7856

SHA256
a9aaeabb00e991dd40de3415e9ef71b380928e41d35b4bc8dbd5807c41669016

SHA512
beb81f069f14f10ba1ac0a494d4bb1056ac1a24592a8b510a99082207d01f827312d7663fc02075850e227b066413d2a82d794e762c58994cf89fe010a95cedb

Download Submit
\Users\Admin\AppData\Local\Temp\RVN.exe

Filesize
377KB

MD5
80ade1893dec9cab7f2e63538a464fcc

SHA1
c06614da33a65eddb506db00a124a3fc3f5be02e

SHA256
57a920389c044e3f5cf93dabff67070b4511e79779b6f874e08f92d8b0d7afbd

SHA512
fffd4f3fccb5301b3c7a5b3bd92747f31549fbd9d0803fe5d502d1bb0ef979140988718c2ee1406ed3e755790d275185e120a56cbcb5ed2eadf62b5cdbfc4cc4

Download Submit
\Users\Admin\AppData\Local\Temp\is-1JPH7.tmp\HD_99f749e71bf6cd8dad0c9e1025bd4d7721eeb8eb8456bce14cba53d6145ebdfa.tmp

Filesize
696KB

MD5
8aa8c628f7b7b7f3e96eff00557bd0bf

SHA1
9af9cf61707cbba7bf0d7cbed94e8db91aff8bd6

SHA256
14d4fa3ea6c3fbf6e9d284de717e73a1ebb5e77f3d5c8c98808e40ade359ea9d

SHA512
5e0a4765873684fce159af81310e37b6918c923ccede0c4de0bd1e2e221425109131830cff02e3f910f15b0401ee3b4ae68700b6d29a5e8466f6d4ee1dcd6eeb

Download Submit
\Users\Admin\AppData\Local\Temp\is-GRVD3.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
memory/1148-20-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/1148-16-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1148-56-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1264-11-0x0000000010000000-0x00000000101B6000-memory.dmp

Filesize
1.7MB

Download
memory/1264-13-0x0000000010000000-0x00000000101B6000-memory.dmp

Filesize
1.7MB

Download
memory/1264-19-0x0000000010000000-0x00000000101B6000-memory.dmp

Filesize
1.7MB

Download
memory/1264-42-0x0000000010000000-0x00000000101B6000-memory.dmp

Filesize
1.7MB

Download
memory/2408-57-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2408-71-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2408-87-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2408-85-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2408-59-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2408-62-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2408-64-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2408-66-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2408-69-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2408-83-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2408-73-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2408-76-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2408-78-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2408-80-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2408-37-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2684-55-0x0000000010000000-0x00000000101B6000-memory.dmp

Filesize
1.7MB

Download
memory/2684-50-0x0000000010000000-0x00000000101B6000-memory.dmp

Filesize
1.7MB

Download
memory/2684-54-0x0000000010000000-0x00000000101B6000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.