sality | 23734d7a5922bf74e912246b7515f09a23997b37c2ad88e2024514abd38c98c6

Analysis

max time kernel
148s
max time network
128s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23734d7a5922bf74e912246b7515f09a23997b37c2ad88e2024514abd38c98c6_NeikiAnalytics.dll
Size

120KB
MD5

aae61b49c5987663d776ade89f89f4a0
SHA1

06818c92b72fd06d719571d27a9fd4c49fe2c70f
SHA256

23734d7a5922bf74e912246b7515f09a23997b37c2ad88e2024514abd38c98c6
SHA512

d720eaa9a4c80b96f785e0e10b0b7192de639d97a5db4181b8266e2e4f45a83db396ff510dfe65a0f9ea9e9ffbbf0d67766655568e16312ccfc0b89146dec5dd
SSDEEP

1536:+kpH0vSJcPK0XpwszisLFloFQvp4dmTvkvWFYB/m/JTDuzlaVz0HIEWMsyz:FpUvSmpwQLFloCvOmTZFIlegoEK

Score

10^/10

sality backdoor evasion trojan upx

Malware Config

Extracted

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

Modifies firewall policy service 3 TTPs 3 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

Processes:

f766b9f.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0"	f766b9f.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0"	f766b9f.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "1"	f766b9f.exe

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality
UAC bypass 3 TTPs 1 IoCs
evasion trojan

Bypass User Account Control
T1548.002

Disable or Modify Tools
T1562.001

Modify Registry
T1112

Processes:

f766b9f.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f766b9f.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	f766b9f.exe

Windows security bypass 2 TTPs 6 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

f766b9f.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1"	f766b9f.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	f766b9f.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1"	f766b9f.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1"	f766b9f.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	f766b9f.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1"	f766b9f.exe

Executes dropped EXE 3 IoCs

Processes:

f766b9f.exef766ed9.exef768527.exe

pid process

2980 f766b9f.exe
2684 f766ed9.exe
2016 f768527.exe
Loads dropped DLL 6 IoCs

Processes:

rundll32.exe

pid process

1668 rundll32.exe
1668 rundll32.exe
1668 rundll32.exe
1668 rundll32.exe
1668 rundll32.exe
1668 rundll32.exe

pid	process
2980	f766b9f.exe
2684	f766ed9.exe
2016	f768527.exe

pid	process
1668	rundll32.exe
1668	rundll32.exe
1668	rundll32.exe
1668	rundll32.exe
1668	rundll32.exe
1668	rundll32.exe

UPX packed file 23 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2980-23-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-18-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-20-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-15-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-21-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-17-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-16-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-19-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-14-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-22-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-64-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-65-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-66-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-67-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-68-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-70-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-85-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-87-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-90-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-91-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-111-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2980-156-0x0000000000590000-0x000000000164A000-memory.dmp	upx
behavioral1/memory/2684-161-0x0000000000960000-0x0000000001A1A000-memory.dmp	upx

Windows security modification 2 TTPs 7 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

f766b9f.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1"	f766b9f.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1"	f766b9f.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1"	f766b9f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc	f766b9f.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1"	f766b9f.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1"	f766b9f.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1"	f766b9f.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

f766b9f.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f766b9f.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	f766b9f.exe

Enumerates connected drives 3 TTPs 14 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

f766b9f.exe

description	ioc	process
File opened (read-only)	\??\J:	f766b9f.exe
File opened (read-only)	\??\K:	f766b9f.exe
File opened (read-only)	\??\M:	f766b9f.exe
File opened (read-only)	\??\P:	f766b9f.exe
File opened (read-only)	\??\R:	f766b9f.exe
File opened (read-only)	\??\H:	f766b9f.exe
File opened (read-only)	\??\I:	f766b9f.exe
File opened (read-only)	\??\L:	f766b9f.exe
File opened (read-only)	\??\N:	f766b9f.exe
File opened (read-only)	\??\O:	f766b9f.exe
File opened (read-only)	\??\E:	f766b9f.exe
File opened (read-only)	\??\G:	f766b9f.exe
File opened (read-only)	\??\Q:	f766b9f.exe
File opened (read-only)	\??\S:	f766b9f.exe

Drops file in Windows directory 2 IoCs

Processes:

f766b9f.exe

description ioc process

File created C:\Windows\f766c1b f766b9f.exe
File opened for modification C:\Windows\SYSTEM.INI f766b9f.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

f766b9f.exe

pid process

2980 f766b9f.exe
2980 f766b9f.exe

description	ioc	process
File created	C:\Windows\f766c1b	f766b9f.exe
File opened for modification	C:\Windows\SYSTEM.INI	f766b9f.exe

pid	process
2980	f766b9f.exe
2980	f766b9f.exe

Suspicious use of AdjustPrivilegeToken 21 IoCs

Processes:

f766b9f.exe

description	pid	process
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe
Token: SeDebugPrivilege	2980	f766b9f.exe

Suspicious use of WriteProcessMemory 33 IoCs

Processes:

rundll32.exerundll32.exef766b9f.exe

description	pid	process	target process
PID 2228 wrote to memory of 1668	2228	rundll32.exe	rundll32.exe
PID 2228 wrote to memory of 1668	2228	rundll32.exe	rundll32.exe
PID 2228 wrote to memory of 1668	2228	rundll32.exe	rundll32.exe
PID 2228 wrote to memory of 1668	2228	rundll32.exe	rundll32.exe
PID 2228 wrote to memory of 1668	2228	rundll32.exe	rundll32.exe
PID 2228 wrote to memory of 1668	2228	rundll32.exe	rundll32.exe
PID 2228 wrote to memory of 1668	2228	rundll32.exe	rundll32.exe
PID 1668 wrote to memory of 2980	1668	rundll32.exe	f766b9f.exe
PID 1668 wrote to memory of 2980	1668	rundll32.exe	f766b9f.exe
PID 1668 wrote to memory of 2980	1668	rundll32.exe	f766b9f.exe
PID 1668 wrote to memory of 2980	1668	rundll32.exe	f766b9f.exe
PID 2980 wrote to memory of 1212	2980	f766b9f.exe	taskhost.exe
PID 2980 wrote to memory of 1292	2980	f766b9f.exe	Dwm.exe
PID 2980 wrote to memory of 1348	2980	f766b9f.exe	Explorer.EXE
PID 2980 wrote to memory of 2044	2980	f766b9f.exe	DllHost.exe
PID 2980 wrote to memory of 2228	2980	f766b9f.exe	rundll32.exe
PID 2980 wrote to memory of 1668	2980	f766b9f.exe	rundll32.exe
PID 2980 wrote to memory of 1668	2980	f766b9f.exe	rundll32.exe
PID 1668 wrote to memory of 2684	1668	rundll32.exe	f766ed9.exe
PID 1668 wrote to memory of 2684	1668	rundll32.exe	f766ed9.exe
PID 1668 wrote to memory of 2684	1668	rundll32.exe	f766ed9.exe
PID 1668 wrote to memory of 2684	1668	rundll32.exe	f766ed9.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	f768527.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	f768527.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	f768527.exe
PID 1668 wrote to memory of 2016	1668	rundll32.exe	f768527.exe
PID 2980 wrote to memory of 1212	2980	f766b9f.exe	taskhost.exe
PID 2980 wrote to memory of 1292	2980	f766b9f.exe	Dwm.exe
PID 2980 wrote to memory of 1348	2980	f766b9f.exe	Explorer.EXE
PID 2980 wrote to memory of 2684	2980	f766b9f.exe	f766ed9.exe
PID 2980 wrote to memory of 2684	2980	f766b9f.exe	f766ed9.exe
PID 2980 wrote to memory of 2016	2980	f766b9f.exe	f768527.exe
PID 2980 wrote to memory of 2016	2980	f766b9f.exe	f768527.exe

System policy modification 1 TTPs 1 IoCs
evasion

Modify Registry
T1112

Processes:

f766b9f.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f766b9f.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	f766b9f.exe

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1212

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1292

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1348

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\23734d7a5922bf74e912246b7515f09a23997b37c2ad88e2024514abd38c98c6_NeikiAnalytics.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2228

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\23734d7a5922bf74e912246b7515f09a23997b37c2ad88e2024514abd38c98c6_NeikiAnalytics.dll,#1
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1668

C:\Users\Admin\AppData\Local\Temp\f766b9f.exe
C:\Users\Admin\AppData\Local\Temp\f766b9f.exe
4⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2980

C:\Users\Admin\AppData\Local\Temp\f766ed9.exe
C:\Users\Admin\AppData\Local\Temp\f766ed9.exe
4⤵
- Executes dropped EXE
PID:2684

C:\Users\Admin\AppData\Local\Temp\f768527.exe
C:\Users\Admin\AppData\Local\Temp\f768527.exe
4⤵
- Executes dropped EXE
PID:2016

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:2044

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\f766b9f.exe
Filesize
97KB

MD5
032bcefa3c10fcbde64a0f6dd8a86009

SHA1
c03fc6e34eaaaff97f3135036d6fcf0c55ae8d83

SHA256
e44b83ee1afe225ae08b9349ad5571f685c3f9ea3561f2396933b0931bd0442c

SHA512
28acb88a5b66883dda129c35946c7c8e4c2e87ff83fd99917380f83c2454461cdd0ee2d99213d37dfb7d5669d42f18aec10653695f3f4a62e4a77b9b247f4f80

Download Submit
memory/1212-29-0x0000000000490000-0x0000000000492000-memory.dmp

Filesize
8KB

Download
memory/1668-60-0x0000000000790000-0x00000000007A2000-memory.dmp

Filesize
72KB

Download
memory/1668-8-0x00000000001F0000-0x0000000000202000-memory.dmp

Filesize
72KB

Download
memory/1668-1-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download
memory/1668-48-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/1668-79-0x0000000000680000-0x0000000000682000-memory.dmp

Filesize
8KB

Download
memory/1668-84-0x00000000001F0000-0x00000000001F2000-memory.dmp

Filesize
8KB

Download
memory/1668-39-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/1668-38-0x0000000000680000-0x0000000000682000-memory.dmp

Filesize
8KB

Download
memory/1668-61-0x0000000000680000-0x0000000000682000-memory.dmp

Filesize
8KB

Download
memory/1668-82-0x00000000007B0000-0x00000000007C2000-memory.dmp

Filesize
72KB

Download
memory/1668-58-0x0000000000680000-0x0000000000682000-memory.dmp

Filesize
8KB

Download
memory/1668-9-0x00000000001F0000-0x0000000000202000-memory.dmp

Filesize
72KB

Download
memory/2016-106-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2016-109-0x0000000000260000-0x0000000000262000-memory.dmp

Filesize
8KB

Download
memory/2016-107-0x0000000000260000-0x0000000000262000-memory.dmp

Filesize
8KB

Download
memory/2016-83-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2016-167-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2684-108-0x0000000000260000-0x0000000000262000-memory.dmp

Filesize
8KB

Download
memory/2684-102-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2684-63-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2684-101-0x0000000000260000-0x0000000000262000-memory.dmp

Filesize
8KB

Download
memory/2684-161-0x0000000000960000-0x0000000001A1A000-memory.dmp

Filesize
16.7MB

Download
memory/2684-163-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2980-17-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-90-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-59-0x0000000000480000-0x0000000000482000-memory.dmp

Filesize
8KB

Download
memory/2980-66-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-67-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-68-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-70-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-65-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-64-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-85-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-22-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-14-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-87-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-49-0x00000000016D0000-0x00000000016D1000-memory.dmp

Filesize
4KB

Download
memory/2980-91-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-19-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-16-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-11-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2980-21-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-15-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-51-0x0000000000480000-0x0000000000482000-memory.dmp

Filesize
8KB

Download
memory/2980-111-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-124-0x0000000000480000-0x0000000000482000-memory.dmp

Filesize
8KB

Download
memory/2980-156-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-157-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2980-20-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-18-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download
memory/2980-23-0x0000000000590000-0x000000000164A000-memory.dmp

Filesize
16.7MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads