blackshades | ca1fd7ccc5cc3440b10630643e584b8a49da646d6f04cfb6152d0469e6cad8d1

Analysis

max time kernel
148s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2025 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Size

414KB
MD5

46a691951f5509444b7363de172c85a6
SHA1

079d2992775d148f4218e8fe2faef0f0ec2397c2
SHA256

ca1fd7ccc5cc3440b10630643e584b8a49da646d6f04cfb6152d0469e6cad8d1
SHA512

961ce26c66a38507f9610bf51c55f61879918c2f42da669acedcd3e69c8387b2f6b0388b4e0577b3374100308e5b213bd1fd712eb71647995fbab3e9a629c4fb
SSDEEP

12288:03v6CfAjsFcHQYwod+C6maA+NQ4hZdxZur:0CwAQFc5d+Tv24ndxIr

Score

10^/10

blackshades defense_evasion discovery rat trojan upx

Malware Config

Signatures

Blackshades
Blackshades is a remote access trojan with various capabilities.
rat blackshades
Blackshades family
blackshades

Blackshades payload 5 IoCs

resource	yara_rule
behavioral2/memory/4552-11-0x0000000000400000-0x0000000000474000-memory.dmp	family_blackshades
behavioral2/memory/4552-18-0x0000000000400000-0x0000000000474000-memory.dmp	family_blackshades
behavioral2/memory/4552-19-0x0000000000400000-0x0000000000474000-memory.dmp	family_blackshades
behavioral2/memory/4552-20-0x0000000000400000-0x0000000000474000-memory.dmp	family_blackshades
behavioral2/memory/4552-24-0x0000000000400000-0x0000000000474000-memory.dmp	family_blackshades

Modifies firewall policy service 3 TTPs 8 IoCs

defense_evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications	reg.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_46a691951f5509444b7363de172c85a6.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\JaffaCakes118_46a691951f5509444b7363de172c85a6.exe:*:Enabled:Windows Messanger"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	reg.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	reg.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 4584 set thread context of 3492	4584	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	81
PID 3492 set thread context of 4552	3492	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	82

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3492-2-0x0000000000400000-0x000000000049A000-memory.dmp	upx
behavioral2/memory/3492-5-0x0000000000400000-0x000000000049A000-memory.dmp	upx
behavioral2/memory/3492-6-0x0000000000400000-0x000000000049A000-memory.dmp	upx
behavioral2/memory/3492-4-0x0000000000400000-0x000000000049A000-memory.dmp	upx
behavioral2/memory/4552-7-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral2/memory/4552-9-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral2/memory/4552-11-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral2/memory/3492-16-0x0000000000400000-0x000000000049A000-memory.dmp	upx
behavioral2/memory/4552-18-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral2/memory/4552-19-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral2/memory/4552-20-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral2/memory/4552-24-0x0000000000400000-0x0000000000474000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
3472	reg.exe
1684	reg.exe
2984	reg.exe
1188	reg.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: 1	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeCreateTokenPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeAssignPrimaryTokenPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeLockMemoryPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeIncreaseQuotaPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeMachineAccountPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeTcbPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeSecurityPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeTakeOwnershipPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeLoadDriverPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeSystemProfilePrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeSystemtimePrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeProfSingleProcessPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeIncBasePriorityPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeCreatePagefilePrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeCreatePermanentPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeBackupPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeRestorePrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeShutdownPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeDebugPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeAuditPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeSystemEnvironmentPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeChangeNotifyPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeRemoteShutdownPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeUndockPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeSyncAgentPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeEnableDelegationPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeManageVolumePrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeImpersonatePrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeCreateGlobalPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: 31	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: 32	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: 33	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: 34	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: 35	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
Token: SeDebugPrivilege	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4584	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 3492	4584	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	81
PID 4584 wrote to memory of 3492	4584	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	81
PID 4584 wrote to memory of 3492	4584	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	81
PID 4584 wrote to memory of 3492	4584	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	81
PID 4584 wrote to memory of 3492	4584	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	81
PID 4584 wrote to memory of 3492	4584	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	81
PID 4584 wrote to memory of 3492	4584	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	81
PID 4584 wrote to memory of 3492	4584	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	81
PID 3492 wrote to memory of 4552	3492	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	82
PID 3492 wrote to memory of 4552	3492	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	82
PID 3492 wrote to memory of 4552	3492	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	82
PID 3492 wrote to memory of 4552	3492	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	82
PID 3492 wrote to memory of 4552	3492	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	82
PID 3492 wrote to memory of 4552	3492	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	82
PID 3492 wrote to memory of 4552	3492	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	82
PID 3492 wrote to memory of 4552	3492	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	82
PID 3492 wrote to memory of 4552	3492	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	82
PID 3492 wrote to memory of 4552	3492	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	82
PID 4552 wrote to memory of 2960	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	83
PID 4552 wrote to memory of 2960	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	83
PID 4552 wrote to memory of 2960	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	83
PID 4552 wrote to memory of 1412	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	84
PID 4552 wrote to memory of 1412	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	84
PID 4552 wrote to memory of 1412	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	84
PID 4552 wrote to memory of 2032	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	85
PID 4552 wrote to memory of 2032	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	85
PID 4552 wrote to memory of 2032	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	85
PID 4552 wrote to memory of 2060	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	86
PID 4552 wrote to memory of 2060	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	86
PID 4552 wrote to memory of 2060	4552	JaffaCakes118_46a691951f5509444b7363de172c85a6.exe	86
PID 2032 wrote to memory of 1684	2032	cmd.exe	91
PID 2032 wrote to memory of 1684	2032	cmd.exe	91
PID 2032 wrote to memory of 1684	2032	cmd.exe	91
PID 2960 wrote to memory of 1188	2960	cmd.exe	92
PID 2960 wrote to memory of 1188	2960	cmd.exe	92
PID 2960 wrote to memory of 1188	2960	cmd.exe	92
PID 1412 wrote to memory of 2984	1412	cmd.exe	93
PID 1412 wrote to memory of 2984	1412	cmd.exe	93
PID 1412 wrote to memory of 2984	1412	cmd.exe	93
PID 2060 wrote to memory of 3472	2060	cmd.exe	94
PID 2060 wrote to memory of 3472	2060	cmd.exe	94
PID 2060 wrote to memory of 3472	2060	cmd.exe	94

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_46a691951f5509444b7363de172c85a6.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
  2⤵
  - Checks whether UAC is enabled
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3492
- - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_46a691951f5509444b7363de172c85a6.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4552
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2960
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
        5⤵
        Modifies firewall policy service
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:1188
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_46a691951f5509444b7363de172c85a6.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_46a691951f5509444b7363de172c85a6.exe:*:Enabled:Windows Messanger" /f
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1412
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_46a691951f5509444b7363de172c85a6.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_46a691951f5509444b7363de172c85a6.exe:*:Enabled:Windows Messanger" /f
        5⤵
        Modifies firewall policy service
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:2984
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2032
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
        5⤵
        Modifies firewall policy service
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:1684
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\:*:Enabled:Windows Messanger" /f
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2060
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\:*:Enabled:Windows Messanger" /f
        5⤵
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:3472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\data.dat

Filesize
33B

MD5
453d8317eba15af4bba5861a9ed43e6e

SHA1
7e733bcfb0a8ba09806187658ae5a7fd692baa7a

SHA256
57c691845099ef98217432f0387d5806361bf969bc89ad42a9020d03720903f4

SHA512
410b5c9c3e3e998b3462dc0c6b0f472a17a9168977c28663b8be097030d7c466fb42ca9aa8e6c5c7a61b68f521d60bf3aa344d89d5d9046d6f1bb1e5bc812837

Download Submit
memory/3492-2-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/3492-5-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/3492-6-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/3492-4-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/3492-16-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/4552-11-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/4552-9-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/4552-18-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/4552-19-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/4552-20-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/4552-24-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/4552-7-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads