All public logs

Jump to navigation Jump to search

Combined display of all available logs of ema. You can narrow down the view by selecting a log type, the username (case-sensitive), or the affected page (also case-sensitive).

Logs
(newest | oldest) View (newer 100 | ) (20 | 50 | 100 | 250 | 500)
  • 15:07, 30 September 2020 127.0.0.1 talk created page smw/schema:Group:Exif special properties (Semantic Extra Special Properties import)
  • 15:07, 30 September 2020 127.0.0.1 talk created page smw/schema:Group:Extra special properties (Semantic Extra Special Properties import)
  • 15:07, 30 September 2020 127.0.0.1 talk created page smw/schema:Group:Schema properties (Semantic MediaWiki group import)
  • 19:01, 14 November 2018 Dbeck talk contribs deleted page c2 communication (content was: "{{Behavior |Name=code insertion |Description=Inserting code to impede disassembly. '''Examples:''' * Dead Code Insertion: Inclusion of "dead" code in the malware instance with no real functionality but with the intent of impeding disas...")
  • 11:40, 22 October 2018 Dbeck talk contribs restored page & Generate Fraudulent Advertising Revenue (mobile) (10 revisions)
  • 11:16, 18 October 2018 Dbeck talk contribs deleted page Ema-1226 (content was: "{{Behavior |Name=prevent native API hooking |Description=The 'prevent native api hooking' Behavior prevents other software from hooking native system APIs. |Associated Capabilities=Ema-1028 }}")
  • 11:12, 18 October 2018 Dbeck talk contribs deleted page Ema-1183 (content was: "{{Behavior |Name=prevent memory access |Description=The 'prevent memory access' Behavior prevents access to system memory where the malware instance may be storing code or data. |Associated Capabilities=Ema-1028 }}")
  • 10:53, 18 October 2018 Dbeck talk contribs deleted page Ema-1182 (content was: "{{Behavior |Name=prevent registry deletion |Description=The 'prevent registry deletion' Behavior prevent Windows registry keys and/or values associated with the malware instance from being deleted from a system. |Associated Capabilities=...")
  • 10:50, 18 October 2018 Dbeck talk contribs deleted page Ema-1185 (content was: "{{Behavior |Name=prevent registry access |Description=The 'prevent registry access' Behavior prevents access to the Windows registry, including to the entire registry and/or to particular registry keys/values. |Associated Capabilities=Em...")
  • 10:48, 18 October 2018 Dbeck talk contribs deleted page Ema-1181 (content was: "{{Behavior |Name=prevent file deletion |Description=The 'prevent file deletion' Behavior prevents files and/or directories associated with the malware instance from being deleted from a system. |Associated Capabilities=Ema-1028 }}")
  • 10:47, 18 October 2018 Dbeck talk contribs deleted page Ema-1184 (content was: "{{Behavior |Name=prevent file access |Description=The 'prevent file access' Behavior prevents access to the file system, including to specific files and/or directories associated with the malware instance. |Associated Capabilities=Ema-10...")
  • 10:46, 18 October 2018 Dbeck talk contribs deleted page Ema-1180 (content was: "{{Behavior |Name=prevent API unhooking |Description=The 'prevent api unhooking' Behavior prevent the API hooks installed by the malware instance from being removed. |Associated Capabilities=Ema-1028 }}")
  • 10:42, 18 October 2018 Dbeck talk contribs deleted page Ema-1222 (content was: "{{Behavior |Name=hide userspace libraries: Rootkit |Description=The 'hide userspace libraries' Behavior hides the usage of userspace libraries by the malware instance. |Associated Capabilities=Ema-1028 }}")
  • 10:42, 18 October 2018 Dbeck talk contribs deleted page Ema-1218 (content was: "{{Behavior |Name=hide threads: Rootkit |Description=The 'hide threads' Behavior hides one or more threads that belong to the malware instance. |Associated Capabilities=Ema-1028 }}")
  • 10:42, 18 October 2018 Dbeck talk contribs deleted page Ema-1219 (content was: "{{Behavior |Name=hide services: Rootkit |Description=The 'hide services' Behavior hides any system services that the malware instance creates or injects itself into. |Associated Capabilities=Ema-1028 }}")
  • 10:40, 18 October 2018 Dbeck talk contribs deleted page Ema-1149 (content was: "{{Behavior |Name=disable system file overwrite protection: Disabling Security Tools |Description=The ‘disable system file overwrite protection’ Behavior disables system file overwrite protection mechanisms such as Windows file protec...")
  • 15:54, 17 October 2018 Dbeck talk contribs deleted page Ema-1223 (content was: "{{Behavior |Name=execute stealthy code |Description=The 'execute stealthy code' Behavior executes some or all of the code of the malware instance in a hidden manner (e.g., by injecting it into a benign process). |Associated Capabilities=...")
  • 15:52, 17 October 2018 Dbeck talk contribs deleted page Ema-1252 (content was: "{{Behavior |Name=evade static heuristic |Description=Some AV can be easily fool by analyzing it. For example, an heuristic engine can try to figure out if a file are using a dual extension (e.g: invoice.doc.exe) and determine the file as...")
  • 15:15, 14 October 2018 Dbeck talk contribs deleted page Ema-1134 (content was: "{{Behavior |Name=log activity |Description=The 'log activity' Behavior logs the activity of the malware instance. |Associated Capabilities=Ema-1011 |References= }}")
  • 14:57, 14 October 2018 Dbeck talk contribs deleted page Ema-1209 (content was: "{{Behavior |Name=persist after system reboot |Description=The 'persist after system reboot' Behavior continues the execution of the malware instance after a system reboot. |Associated Attributes=Attribute:27 |Associated Capabilities=Ema-...")
  • 14:57, 14 October 2018 Dbeck talk contribs deleted page Ema-1074 (content was: "{{Behavior Instance |Associated Behavior=Ema-1209 |Name=Router Firmware Image Modification |Description=Cisco routers can have their firmware images modified in order to maliciously infect and persist on end-user machines in a network. T...")
  • 14:48, 14 October 2018 Dbeck talk contribs deleted page Ema-1071 (content was: "{{Behavior Instance |Associated Behavior=Ema-1209 |Name=Private API Exploitation |Description=On iOS, private APIs can be abused in the iOS system to implement malicious functionalities. |Privilege Level=User space |Supporting Details={{...")
  • 14:29, 14 October 2018 Dbeck talk contribs deleted page + private api exploitation (Mobile) (content was: "{{Behavior |Name=UEFI Bootloader Injection |Description=Mac's UEFI bootloader can be exploited in a number of ways via an EFI DXE driver tha...", and the only contributor was "Dbeck" (talk))
  • 14:26, 14 October 2018 Dbeck talk contribs deleted page Ema-1073 (content was: "{{Behavior Instance |Associated Behavior=Ema-1209 |Name=Windows Shutdown Event |Description=In Windows, the shutdown event triggered by WinLogon can be registered by an application to allow a malicious DLL a chance to execute every time...")
  • 14:22, 14 October 2018 Dbeck talk contribs deleted page Ema-1104 (content was: "{{Behavior Instance |Associated Behavior=Ema-1209 |Name=Malicious Network Driver |Description=Malicious network drivers can be installed on several machines on a network via an exploited server with high uptime. Once the drivers are inst...")
  • 14:00, 14 October 2018 Dbeck talk contribs deleted page Ema-1085 (content was: "{{Behavior Instance |Associated Behavior=Ema-1209 |Name=+ Surreptitious Application Installation |Description=In OSX, application directories and files can be installed unbeknownst to the user. Web browsers and search engines can also be...")
  • 13:45, 14 October 2018 Dbeck talk contribs deleted page Ema-1083 (content was: "{{Behavior Instance |Associated Behavior=Ema-1209 |Name=Kernel Extension (Kext) Rootkit |Description=On Macs, Kext (kernel extension) rootkits can be created via the Generic Kernel Extension template in XCode and exist in the kernel even...")
  • 13:43, 14 October 2018 Dbeck talk contribs deleted page Ema-1077 (content was: "{{Behavior Instance |Associated Behavior=Ema-1209 |Name=Launchd.conf Exploitation |Description=launchd is the first user-mode program to execute during OS X’s initialization. The launchd.conf file contains configuration parameters for...")
  • 13:41, 14 October 2018 Dbeck talk contribs deleted page Ema-1082 (content was: "{{Behavior Instance |Associated Behavior=Ema-1209 |Name=Launch Daemon and Launch Agent Exploitation |Description=On Macs, launch daemons and launch agents can be abused to gain mailware persistence. |Privilege Level=User space |Supportin...")
  • 13:36, 14 October 2018 Dbeck talk contribs deleted page Ema-1075 (content was: "{{Behavior Instance |Associated Behavior=Ema-1209 |Name=DYLD_INSERT_LIBRARIES Exploitation |Description=In Mac OSX, DYLD_INSERT_LIBRARIES can be abused to load malicious libraries to ensure that a malicious library will persistently be l...")
  • 13:27, 14 October 2018 Dbeck talk contribs deleted page Ema-1216 (content was: "{{Behavior |Name=autonomous remote infection |Description=The 'autonomous remote infection' Behavior infects a remote machine autonomously, without the involvement of any end user (e.g., through the exploitation of a remote procedure cal...")
  • 13:17, 14 October 2018 Dbeck talk contribs deleted page Ema-1137 (content was: "{{Behavior |Name=install legitimate software |Description=The 'install legitimate software' Behavior install legitimate (i.e. non-malware) software on the same system on which the malware instance is executing. |Associated Capabilities=E...")
  • 20:07, 11 October 2018 Dbeck talk contribs deleted page Ema-1212 (content was: "{{Behavior |Name=re-instantiate self |Description=The 're-instantiate self' Behavior re-establishes the malware instance on the system after it is initially detected and partially removed. |Associated Capabilities=Ema-1016 }}")
  • 13:21, 9 October 2018 Dbeck talk contribs deleted page Ema-1136 (content was: "{{Behavior |Name=install secondary module |Description=The 'install secondary module' Behavior installs a secondary module (typically related to the malware instance itself) on the same system on which the malware instance is executing....")
  • 18:44, 3 October 2018 Dbeck talk contribs deleted page Ema-1165 (content was: "{{Behavior |Name=XXX-encrypt self |Description=The 'encrypt self' Behavior encrypts the executing code (in memory) that belongs to the malware instance. |Associated Attributes=Attribute:6 |Associated Capabilities=Ema-1028 }}")
  • 18:24, 3 October 2018 Dbeck talk contribs restored page api hooking (11 revisions)
  • 13:55, 3 October 2018 Dbeck talk contribs deleted page & Generate Fraudulent Advertising Revenue (mobile) (content was: "{{Behavior |Name=XXX-click fraud |Description=The 'click fraud' Behavior simulates legitimate user clicks on website advertisements for the purpose of revenue generation. |Associated Capabilities=Ema-1002 |References={{Reference |Date=20...")
  • 13:50, 3 October 2018 Dbeck talk contribs deleted page Ema-1240 (content was: "{{Behavior |Name=update configuration |Description=The 'update configuration' Behavior updates the configuration of the malware instance using data received from a command and control server. |Associated Capabilities=Ema-1017 }}")
  • 13:34, 3 October 2018 Dbeck talk contribs deleted page Ema-1120 (content was: "{{Behavior |Name=host fingerprint |Description=Compare a previously computed host fingerprint to one computed for the current system on which the malware instance is executing, to determine if the malware instance is still executing on t...")
  • 13:34, 3 October 2018 Dbeck talk contribs deleted page Ema-1095 (content was: "{{Behavior Instance |Associated Behavior=Ema-1120 |Name=API Call: GetVolumeInformation |Description=Abusing this API call on Windows can give an attacker the GUID on a system drive. This can then be compared to a running host's GUID valu...")
  • 13:22, 3 October 2018 Dbeck talk contribs deleted page + surreptitious application installation (content was: "{{Behavior |Name=XXX-hardware detection |Description=Malware can inspect the hardware of the OS/"box" that it is running on and use this to determine whether it's being executed on a sandbox. This includes: * Memory size: Most modern ma...")
  • 13:21, 3 October 2018 Dbeck talk contribs deleted page & Hooking (content was: "{{Behavior |Name=user interaction detection |Description=Malware can detect if there is any "user" activity on the sandbox, such as the movement of the mouse cursor or a non-default wallpaper. Can also determine a user environment (vs a...")
  • 10:57, 3 October 2018 Dbeck talk contribs deleted page Ema-1038 (content was: "{{Behavior |Name=instruction overlap |Description=Jumping after the first byte of an instruction. Confuses some disassemblers. |Associated C...", and the only contributor was "Dbeck" (talk))
  • 10:56, 3 October 2018 Dbeck talk contribs deleted page Ema-1036 (content was: "{{Behavior |Name=imports by hash |Description=DLL loaded and then each export name is parsed until it matches a specific hash, instead of a...", and the only contributor was "Dbeck" (talk))
  • 21:08, 2 October 2018 Dbeck talk contribs deleted page Ema-1044 (content was: "{{Behavior |Name=stack strings |Description=Strings are built and decrypted on the stack at each use, then discarded (to avoid obvious refer...", and the only contributor was "Dbeck" (talk))
  • 21:06, 2 October 2018 Dbeck talk contribs deleted page + windows shutdown event (content was: "{{Behavior |Name=import compression |Description=Imports are stored and loaded with a more compact import table format. Each DLL needed by t...", and the only contributor was "Dbeck" (talk))
  • 12:15, 2 October 2018 Dbeck talk contribs deleted page & Software Packing (content was: "{{Behavior |Name=execution delay |Description=This technique is used for delaying execution of the malicious code. Stalling code is typically executed before any malicious behavior. The attacker’s aim is to delay the execution of the m...")
  • 21:17, 27 September 2018 Dbeck talk contribs restored page embedded file hooking (6 revisions)
  • 21:16, 27 September 2018 Dbeck talk contribs deleted page + malicious network driver (content was: "{{Behavior |Name=test |Description=test |Associated Capabilities=Ema-1026 }}", and the only contributor was "Dbeck" (talk))
  • 12:19, 23 September 2018 Dbeck talk contribs deleted page Ema-1236 (content was: "{{Behavior |Name=c2 host communication |Description=The 'c2 host communication' includes: * 'check for payload' - checks whether a new payload is available for download. * 'request email address list' - requests the current list of emai...")
  • 12:18, 23 September 2018 Dbeck talk contribs deleted page Ema-1208 (content was: "{{Behavior |Name=persist after os changes |Description=The 'persist after os changes' Behavior continues the execution of the malware instance after the operating system under which it is executing is modified, such as being installed or...")
  • 12:18, 23 September 2018 Dbeck talk contribs deleted page Ema-1070 (content was: "{{Behavior Instance |Associated Behavior=Ema-1208 |Name=UEFI Bootloader Injection |Description=Mac's UEFI bootloader can be exploit...", and the only contributor was "Cicalese" (talk))
  • 11:10, 16 September 2018 Dbeck talk contribs deleted page Ema-1178 (covered by Premium SMS Tool Fraud (Mobile ATT&CK))
  • 12:04, 7 September 2018 Dbeck talk contribs deleted page Ema-1241 (this is too close to definition of c2)
  • 11:46, 7 September 2018 Dbeck talk contribs deleted page Ema-1238 (moved into 'c2 host communication')
  • 11:46, 7 September 2018 Dbeck talk contribs deleted page Ema-1237 (moved into 'c2 host communication')
  • 11:46, 7 September 2018 Dbeck talk contribs deleted page Ema-1124 (moved into 'c2 host communication')
  • 11:45, 7 September 2018 Dbeck talk contribs deleted page Ema-1123 (moved into 'c2 host communication')
  • 10:41, 2 September 2018 Dbeck talk contribs deleted page Ema-1121 (content was: "{{Behavior |Name=fingerprint host |Description=The 'fingerprint host' Behavior creates a unique fingerprint for the system on which the malware instance is executing, e.g., based on the applications that are installed on the system. |Ass...")
  • 10:40, 2 September 2018 Dbeck talk contribs deleted page Ema-1096 (content was: "{{Behavior Instance |Associated Behavior=Ema-1121 |Name=OpCode Frequency Distribution |Description=Needs to be revisited |Supporting Details= |Code Snippets= |References={{Reference |URL=https://www.blackhat.com/presentations/bh-usa-06/B...")
  • 17:30, 1 September 2018 Dbeck talk contribs deleted page Ema-1172 (covered by inhibit memory dumping)
  • 13:17, 31 August 2018 Dbeck talk contribs deleted page Ema-1047 (content was: "{{Behavior |Name=virtualize packer |Description=Virtualizes [part of] packer stub code. This is a general category of anti-analysis and may...", and the only contributor was "Dbeck" (talk))
  • 13:07, 31 August 2018 Dbeck talk contribs deleted page Ema-1034 (covered by ATT&CK Process Injection)
  • 18:29, 30 August 2018 Dbeck talk contribs deleted page Ema-1050 (content was: "{{Behavior |Name=tool limitation |Description=Prevent the use of a tool via a specific limitation. This is a general category of anti-analysis and may refer to any number of techniques. |Associated Capabilities=Ema-1010,Ema-1026 }}")
  • 18:27, 30 August 2018 Dbeck talk contribs restored page Ema-1050 (6 revisions)
  • 18:27, 30 August 2018 Dbeck talk contribs deleted page Ema-1154 (content was: "{{Behavior |Name=block security websites |Description=The 'block security websites' Behavior prevents access from the system on which the malware instance is executing to one or more security vendor or security-related websites. |Associa...")
  • 18:27, 30 August 2018 Dbeck talk contribs restored page Ema-1154 (6 revisions)
  • 18:26, 30 August 2018 Dbeck talk contribs deleted page embedded file hooking (covered by ATT&CK Hooking)
  • 18:26, 30 August 2018 Dbeck talk contribs restored page embedded file hooking (6 revisions)
  • 18:07, 30 August 2018 Dbeck talk contribs deleted page embedded file hooking (covered by ATT&CK Hooking)
  • 18:04, 30 August 2018 Dbeck talk contribs deleted page Ema-1154 (covered by ATT&CK Disabling Security Tools)
  • 10:27, 30 August 2018 Dbeck talk contribs deleted page api hooking (overlaps with ATT&CK Hooking)
  • 10:26, 30 August 2018 Dbeck talk contribs deleted page Ema-1050 (overlaps with ATT&CK Disabling Security Tools)
  • 09:59, 30 August 2018 Dbeck talk contribs deleted page Ema-1224 (overlaps with ATT&CK Rootkit technique)
  • 09:56, 30 August 2018 Dbeck talk contribs restored page Ema-1224 (10 revisions)
  • 09:42, 30 August 2018 Dbeck talk contribs deleted page Ema-1224 (overlaps with ATT&CK Rootkit technique)
  • 10:53, 15 August 2018 Dbeck talk contribs deleted page Ema-1147 (content was: "{{Behavior |Name=disable OS security alerts |Description=The ‘disable OS security alerts’ Behavior disables operating system (OS) security alert messages that could lead to identification and/or notification of the presence of the ma...")
  • 10:47, 15 August 2018 Dbeck talk contribs deleted page Ema-1246 (content was: "{{Behavior |Name=inventory security products |Description=The 'inventory security products' Behavior creates an inventory of the security products installed or running on a system. |Associated Attributes=Attribute:27 |Associated Capabili...")
  • 10:47, 15 August 2018 Dbeck talk contribs deleted page Ema-1069 (content was: "{{Behavior Instance |Associated Behavior=Ema-1246 |Name=API Call: getInstalledPackages |Description=getInstalledPackages is used to get the list of installed Packages on the device, and is then compared against a list of security product...")
  • 08:53, 7 August 2018 Dbeck talk contribs deleted page Discovery (content was: "{{Capability |Name=Fraud |Description=Indicates that the malware instance is able to defraud a user or a system. }}")
  • 12:27, 27 July 2018 Dbeck talk contribs restored page hide kernel modules (10 revisions)
  • 12:25, 27 July 2018 Dbeck talk contribs deleted page hide kernel modules (content was: "{{Behavior |Name=hide kernel modules |Description=The 'hide kernel modules' Behavior hides the usage of any kernel modules by the malware instance. |Associated Attributes=Attribute:27 |Associated Capabilities=Ema-1028 }}")
  • 12:15, 27 July 2018 Dbeck talk contribs deleted page Ema-1151 (content was: "{{Behavior |Name=stop execution of security software |Description=The 'stop execution of security program' Behavior stops the execution of one or more instances of security software that may already be executing on a system. '''Examples...")
  • 12:15, 27 July 2018 Dbeck talk contribs deleted page Ema-1098 (content was: "{{Behavior Instance |Associated Behavior=Ema-1151 |Name=API Call: restartPackage |Description=Calling restartPackage on an already executing piece of security software can stop its its execution on a device. |Privilege Level=User space |...")
  • 11:29, 27 July 2018 Dbeck talk contribs deleted page & Component Firmware (content was: "{{Behavior |Name=injection |Description=Original file is injected in existing process (nothing written to disk and possibly higher privs). |...", and the only contributor was "Dbeck" (talk))
  • 11:25, 27 July 2018 Dbeck talk contribs deleted page Ema-1171 (content was: "{{Behavior |Name=feed misinformation during physical memory acquisition |Description=The 'feed misinformation during physical memory acquisition' Behavior reports inaccurate data when the contents of the physical memory of the system on...")
  • 10:58, 27 July 2018 Dbeck talk contribs deleted page Ema-1080 (content was: "{{Behavior Instance |Associated Behavior=Ema-1216 |Name=Web Injection |Description=On Macs, unpatched versions of applications can be exploited via malicious websites. |Privilege Level=User space |Supporting Details={{Supporting Detail |...")
  • 10:55, 27 July 2018 Dbeck talk contribs restored page Ema-1080 (24 revisions)
  • 10:53, 27 July 2018 Dbeck talk contribs deleted page Ema-1080 (content was: "{{Behavior Instance |Associated Behavior=Ema-1216 |Name=Web Injection |Description=On Macs, unpatched versions of applications can be exploited via malicious websites. |Privilege Level=User space |Supporting Details={{Supporting Detail |...")
  • 10:37, 27 July 2018 Dbeck talk contribs deleted page + malicious network driver (content was: "{{Behavior |Name=merge code sections |Description=Merge all sections; just one entry in the sections table. Only affects readability slightl...", and the only contributor was "Dbeck" (talk))
  • 10:36, 27 July 2018 Dbeck talk contribs deleted page Privilege Escalation (content was: "{{Behavior |Name=interleaving code |Description=A form of obfuscation that splits code into sections that are rearranged and con...", and the only contributor was "Ikirillov" (talk))
  • 10:28, 27 July 2018 Dbeck talk contribs deleted page + private api exploitation (Mobile) (content was: "{{Behavior |Name=symbolic obfuscation |Description=The removing or renaming of textual information in the code of the malware in...", and the only contributor was "Ikirillov" (talk))
  • 10:28, 27 July 2018 Dbeck talk contribs deleted page Credential Access (content was: "{{Behavior |Name=import address table obfuscation |Description=Obfuscation of the import address table of the malware instance,...", and the only contributor was "Ikirillov" (talk))
  • 10:27, 27 July 2018 Dbeck talk contribs deleted page & Rootkit (content was: "{{Behavior |Name=entrypoint obfuscation |Description=Obfuscation of the entry point of the malware executable, in order to hinde...", and the only contributor was "Ikirillov" (talk))
  • 10:25, 27 July 2018 Dbeck talk contribs deleted page Ema-1043 (content was: "{{Behavior |Name=minification |Description=Per wikipedia, minification is 'the process of removing all unnecessary characters from source co...", and the only contributor was "Dbeck" (talk))
  • 08:46, 27 July 2018 Dbeck talk contribs deleted page Ema-1042 (content was: "{{Behavior |Name=thunk insertion |Description=Variation on “jump”; also used by some compilers for user-generated functions (ex: Visual...", and the only contributor was "Dbeck" (talk))
  • 08:43, 27 July 2018 Dbeck talk contribs deleted page Ema-1040 (content was: "{{Behavior |Name=junk code insertion |Description=Insertion of dummy code between relevant opcodes. Can make signature writing more complex....", and the only contributor was "Dbeck" (talk))
  • 08:41, 27 July 2018 Dbeck talk contribs deleted page Ema-1041 (content was: "{{Behavior |Name=jump insertion |Description=Insertion of jumps to make analysis visually harder. |Associated Capabilities=Ema-1010 }}", and the only contributor was "Dbeck" (talk))
  • 08:40, 27 July 2018 Dbeck talk contribs deleted page Ema-1045 (content was: "{{Behavior |Name=fake code insertion |Description=Add fake code similar to known packers or known goods to fool identification. Can confuse...", and the only contributor was "Dbeck" (talk))
  • 08:17, 27 July 2018 Dbeck talk contribs deleted page Ema-1111 (content was: "{{Behavior |Name=steal web/network credential |Description=The 'steal web/network credential' Behavior steals usernames, passwords, or other forms of web (e.g., for logging into a website) and/or network credentials. |Associated Attribut...")
(newest | oldest) View (newer 100 | ) (20 | 50 | 100 | 250 | 500)