NetWalker Analysis

IOB - Indicator of Behavior (360)

Timeline


Language

en: 264
fr: 66
it: 8
es: 6
de: 6


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 12
Linux Kernel: 10
Microsoft IIS: 8
Joomla CMS: 8
PHP: 6


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE
1 | Microsoft Windows improper authentication | 6.5 | 6.2 | $25k-$100k | $0-$5k | Not defined | Official fix | | 0.19313 | 0.00 | CVE-2004-0540
2 | SourceCodester Library Management System index.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00056 | 0.07 | CVE-2022-2492
3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192
4 | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00258 | 0.00 | CVE-2010-4240
5 | Tiki TikiWiki tiki-editpage.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.01200 | 0.08 | CVE-2004-1386
6 | Apache HTTP Server Backend Application information disclosure | 8.3 | 8.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.01322 | 0.09 | CVE-2024-38476
7 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.01387 | 0.24 | CVE-2017-0055
8 | Apple M1 Register s3_5_c15_c10_1 M1RACLES access control | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00000 | 0.07 | CVE-2021-30747
9 | Microsoft SQL Server Remote Code Execution | 7.3 | 7.1 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00788 | 0.00 | CVE-2023-23384
10 | WordPress admin-ajax.php sql injection | 7.3 | 7.0 | $25k-$100k | $0-$5k | High | Official fix | possible | 0.05147 | 0.09 | CVE-2007-2821
11 | phpMyAdmin grab_globals.lib.php path traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.05731 | 0.00 | CVE-2005-3299
12 | Francisco Burzi PHP-Nuke Downloads Module viewsdownload sql injection | 5.3 | 5.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00013 | 0.02 | CVE-2005-0996
13 | Apple macOS WebKit memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00613 | 0.00 | CVE-2021-1844
14 | Laravel Framework Illuminate PendingCommand.php __destruct deserialization | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.05 | CVE-2019-9081
15 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.02807 | 0.08 | CVE-2004-0300
16 | freeciv os command injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01602 | 0.07 | CVE-2010-2445
17 | Samba smb.conf samrchangepassword privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official fix | possible | 0.48565 | 0.41 | CVE-2007-2447
18 | BestXsoftware Best Free Keylogger syscrb.exe untrusted search path | 6.5 | 6.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00165 | 0.03 | CVE-2018-18519
19 | Trapeze TransitMaster GetSubscriber information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00316 | 0.00 | CVE-2017-14943
20 | Jenkins workspaceCleanup permission | 5.3 | 5.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00311 | 0.00 | CVE-2017-2611

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 93.179.69.154 | | NetWalker | | 04/26/2022 | verified | Medium
2 | 141.98.81.191 | | NetWalker | | 04/26/2022 | verified | Medium
3 | XXX.XXX.XXX.XXX | | xxxxxxxx | | 04/26/2022 | verified | Medium
4 | XXX.XXX.XXX.XXX | | xxxxxxxx | | 04/26/2022 | verified | Medium
5 | XXX.XXX.XX.XXX | | xxxxxxxx | | 04/26/2022 | verified | Medium
6 | XXX.XX.XXX.XXX | xxx-xxx-xx-xxx-xxx.xx.xxx.xx.xxx | Xxxxxxxxx | | 04/26/2022 | verified | Medium
7 | XXX.XXX.XXX.XXX | | Xxxxxxxxx | | 04/26/2022 | verified | Medium

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (210)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /admin/ajax/file-browser/upload/ | predictive | High
3 | File | /admin/api/theme-edit/ | predictive | High
4 | File | /admin/config_ISCGroupNoCache.php | predictive | High
5 | File | /admin/index.php | predictive | High
6 | File | /admin/list_ipAddressPolicy.php | predictive | High
7 | File | /apply_noauth.cgi | predictive | High
8 | File | /cgi-bin/wapopen | predictive | High
9 | File | /cgi-bin/wlogin.cgi | predictive | High
10 | File | /config.cgi?webmin | predictive | High
11 | File | /core/feeds/custom.php | predictive | High
12 | File | /coreframe/app/member/admin/group.php | predictive | High
13 | File | /home/masterConsole | predictive | High
14 | File | /index.php | predictive | Medium
15 | File | /lib/ | predictive | Low
16 | File | /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 | predictive | High
17 | File | /module/word_model/view/index.php | predictive | High
18 | File | /phppath/php | predictive | Medium
19 | File | /public/login.htm | predictive | High
20 | File | /public_main_modul.php | predictive | High
21 | File | /rom-0 | predictive | Low
22 | File | /uncpath/ | predictive | Medium
23 | File | /usr/bin/pkexec | predictive | High
24 | File | /var/run/beaker/container_file/ | predictive | High
25 | File | /wireless/basic.asp | predictive | High
26 | File | /xxxxxxxx/xxxxxxxxxxxx.xxx | predictive | High
27 | File | /xxxxxxxxx/xx-xxxxx/xxxxxxx-xxxxxxx.xxx | predictive | High
28 | File | /xxxxxxxxxxxxxxxx | predictive | High
29 | File | x.x.x\xxxxxx.xxx | predictive | High
30 | File | xxxxx.xxx/xxxxx-x.x.xxx/xxxxxxx.xxx/xxxx.xxx | predictive | High
31 | File | xxxx/xxx | predictive | Medium
32 | File | xxxxxxxxxx_xxxxxxxxxx.xxx | predictive | High
33 | File | xxxxxxx.xxx | predictive | Medium
34 | File | xxxxx-xxxx.xxx | predictive | High
35 | File | xxxxx/xxx_xxxxxxx.xxx | predictive | High
36 | File | xxxxx/xxxxxxx_xxxxxx.xxx | predictive | High
37 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | High
38 | File | xxxxxx.xxx | predictive | Medium
39 | File | xxxx.xxx | predictive | Medium
40 | File | xxxxx-xxx.x | predictive | Medium
41 | File | xxxxxxx.xx | predictive | Medium
42 | File | xxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
43 | File | xxxx.xxx | predictive | Medium
44 | File | xxx/xxxxxxx.xx | predictive | High
45 | File | xxxxx.xx_xxxxxxxxx.xxx | predictive | High
46 | File | xxxxxxxx/xxxxxxxxxx.xxxx | predictive | High
47 | File | xxxx/xxxxx/xxxxxxx/xxxxxxxxx/xxxxxxx/xxxxx/xxx.xxx | predictive | High
48 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
49 | File | xxxxx.xxx | predictive | Medium
50 | File | xxxxxxxx/xxxxxxx_xxxxxxx.xxx | predictive | High
51 | File | xxxxxxxx.xxx | predictive | Medium
52 | File | xxx_xxxx.x | predictive | Medium
53 | File | xxxxxxxx/xxxxxxx/xxxxxxxxxxxx.xxx | predictive | High
54 | File | xx/xxxxx/xxxxxxx.x | predictive | High
55 | File | xxx_xxxx.xxx | predictive | Medium
56 | File | xx_xxxxxxx.x | predictive | Medium
57 | File | xxxx_xxxxxxx.xxx.xxx | predictive | High
58 | File | xxxxxxxxx.xxx | predictive | High
59 | File | xxx/xxxxxx/xxxxxxx.x | predictive | High
60 | File | xx_xxxxxxx.x | predictive | Medium
61 | File | xxxxx_xxxxxx.xxx | predictive | High
62 | File | xxx/xxxxxx.xxx | predictive | High
63 | File | xxxxxxx.xxx | predictive | Medium
64 | File | xxxxxxx/xxxxx/xxx_xxxx.x | predictive | High
65 | File | xxxxxxxx/xxxxx/xxxxx/xxxx-xxxxxxx-xxxxxxxxx-xxxxxxx-xxxxx.xxx | predictive | High
66 | File | xxxxx.xx | predictive | Medium
67 | File | xxxxx.xxx | predictive | Medium
68 | File | xxxxx.xxx | predictive | Medium
69 | File | xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx | predictive | High
70 | File | xxxxxxxxxxxx.xxx | predictive | High
71 | File | xxxx_xxxx.xxx | predictive | High
72 | File | x_xxxxxx.xxx | predictive | Medium
73 | File | xxxxxx/xxxxxx.x | predictive | High
74 | File | xxxxxxxxx/xxxxxx.xxx.xxx | predictive | High
75 | File | xxxxx.xxx | predictive | Medium
76 | File | xxx_xxxxx_xxx.xxx | predictive | High
77 | File | xxxxxxxxxxxxxxxx.xxxx/xxxxxxxxxxxxx | predictive | High
78 | File | xxxxxx/xxxxxx_xxxx.xxx | predictive | High
79 | File | xxxxxxxx.xx | predictive | Medium
80 | File | xxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
81 | File | xxx_xxxxx_xxxx.x | predictive | High
82 | File | xxx.x | predictive | Low
83 | File | xxxxxxxxxxxxxx.xxx | predictive | High
84 | File | xxxxxxx.xxx | predictive | Medium
85 | File | xxxxxxxxxxxxxx.xxx | predictive | High
86 | File | xxxxxxx.xxx | predictive | Medium
87 | File | xxxxxxxxxx.xxx | predictive | High
88 | File | xxxxxxx_xxxx.xxx | predictive | High
89 | File | xxxxx.xxxx | predictive | Medium
90 | File | xxxxxxxx.xxx | predictive | Medium
91 | File | xxxxxxxx.xxx | predictive | Medium
92 | File | xxxxxxxx.xxx | predictive | Medium
93 | File | xxxxxx_xxxxxx.xxx | predictive | High
94 | File | xxxxxx.xxxx | predictive | Medium
95 | File | xxxxxx_xxxx.xxx | predictive | High
96 | File | xxxx.xxx | predictive | Medium
97 | File | xxxx/xxxxx.xxx/xxxxx/xxxxx/xxxxxx | predictive | High
98 | File | xxx.xxxx | predictive | Medium
99 | File | xxx/xxxxxxx/xxxxxxx/xxxxxxxxx.xx | predictive | High
100 | File | xxx/xxxxx.xx | predictive | Medium
101 | File | xxxxxx.xxx | predictive | Medium
102 | File | xxxxxxx-xxxxxxxx.xxx | predictive | High
103 | File | xxxxxxx_xxxxxxxx.xxx | predictive | High
104 | File | xxxxxxx.xxx | predictive | Medium
105 | File | xxx/xxxxx/xxxxxx.xxx?xxxxxxx=xxxxxxx | predictive | High
106 | File | xxxx-xxxxxxxx.xxx | predictive | High
107 | File | xxxx-xxxx_xxxx_xxxxxxx.xxx | predictive | High
108 | File | xxx-xxxxxxx.x | predictive | High
109 | File | xxxxxxxxxxx_xxxxxx.xxx | predictive | High
110 | File | xx_xxxxx.xxxx | predictive | High
111 | File | xxxxxx.xxx | predictive | Medium
112 | File | xxxx.xxxx | predictive | Medium
113 | File | xxxxx.xxxxxx.xxxxxxx.xxx | predictive | High
114 | File | xxxxxxxx.xxx | predictive | Medium
115 | File | xxxxxxxxxx/xxx/xxx_xxxxx.xxx | predictive | High
116 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxx_xxxxxx_xxxxxx | predictive | High
117 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
118 | File | xxxxxxx/xxxxxx/xxxxx.xxx | predictive | High
119 | File | xxxx.xx | predictive | Low
120 | File | xxxx/xxx.x | predictive | Medium
121 | Library | /xxx/xxx/xxx | predictive | Medium
122 | Library | xxxxxxx.xxx | predictive | Medium
123 | Library | xxxxxxxx.xxx | predictive | Medium
124 | Argument | $xxxx["xx"] | predictive | Medium
125 | Argument | $_xxxxxx['xxx_xxxx'] | predictive | High
126 | Argument | -x | predictive | Low
127 | Argument | .xxx.x.x.x.x.x.xx.x.x.x.x.x.x.x.x.x.x.x | predictive | High
128 | Argument | xx/xx | predictive | Low
129 | Argument | xxxxxxx | predictive | Low
130 | Argument | xxx_xxxx | predictive | Medium
131 | Argument | xxxxxxxx | predictive | Medium
132 | Argument | xxxx | predictive | Low
133 | Argument | xxxxx_xx | predictive | Medium
134 | Argument | xxx | predictive | Low
135 | Argument | xxxxxxxxxxxxxxx | predictive | High
136 | Argument | xxxxx | predictive | Low
137 | Argument | xxxxxxx_xxx | predictive | Medium
138 | Argument | xxxxxxx | predictive | Low
139 | Argument | xxxx_xx | predictive | Low
140 | Argument | xxxxxxx | predictive | Low
141 | Argument | xxxx_xxxxx | predictive | Medium
142 | Argument | xxxxxx | predictive | Low
143 | Argument | xxxxxx | predictive | Low
144 | Argument | xxxx/xxxx | predictive | Medium
145 | Argument | xxxx | predictive | Low
146 | Argument | xxxxxx_xxx_xx | predictive | High
147 | Argument | xxxxxxxx_xx | predictive | Medium
148 | Argument | xxxxxxx | predictive | Low
149 | Argument | xxxxx_xxx | predictive | Medium
150 | Argument | xxxxx_xx | predictive | Medium
151 | Argument | xxxxxx | predictive | Low
152 | Argument | xxxxx | predictive | Low
153 | Argument | xxxxxxxxxx | predictive | Medium
154 | Argument | xxx_xxxxx_xx | predictive | Medium
155 | Argument | xxxxxxx[xx_xxx_xxxx] | predictive | High
156 | Argument | xxxxxxxx | predictive | Medium
157 | Argument | xxxx | predictive | Low
158 | Argument | xxxxx | predictive | Low
159 | Argument | xxxxxxx | predictive | Low
160 | Argument | xxxxxxx | predictive | Low
161 | Argument | xxxxxxx | predictive | Low
162 | Argument | xxxxxxx/xxxxxxxxxxx | predictive | High
163 | Argument | xxxx | predictive | Low
164 | Argument | xx | predictive | Low
165 | Argument | xxx/xxxx | predictive | Medium
166 | Argument | xxxx | predictive | Low
167 | Argument | xxxx | predictive | Low
168 | Argument | xxx | predictive | Low
169 | Argument | xxx | predictive | Low
170 | Argument | xxxxxx | predictive | Low
171 | Argument | xxx | predictive | Low
172 | Argument | xxxx | predictive | Low
173 | Argument | xxxxxxx | predictive | Low
174 | Argument | xxxx | predictive | Low
175 | Argument | xxxxxxxx | predictive | Medium
176 | Argument | xxxxxxxx | predictive | Medium
177 | Argument | xxxx_xxx | predictive | Medium
178 | Argument | xxxxxxxx | predictive | Medium
179 | Argument | xxxx_xx | predictive | Low
180 | Argument | xxxxx | predictive | Low
181 | Argument | xxxxx | predictive | Low
182 | Argument | xxxxx_xxx | predictive | Medium
183 | Argument | xxxxxx | predictive | Low
184 | Argument | xxx | predictive | Low
185 | Argument | xxxxxxxxxxxx | predictive | Medium
186 | Argument | xxxxxxxxxx | predictive | Medium
187 | Argument | xxxxx/xxx/xxxxxxxx | predictive | High
188 | Argument | xx | predictive | Low
189 | Argument | xxxxx | predictive | Low
190 | Argument | xx_xxxx | predictive | Low
191 | Argument | xxxxxxxxx | predictive | Medium
192 | Argument | xxxx | predictive | Low
193 | Argument | xxxx/xxxx/xxx | predictive | High
194 | Argument | xxxxxx | predictive | Low
195 | Argument | xxxxxx | predictive | Low
196 | Argument | xxxxxxxx | predictive | Medium
197 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
198 | Argument | xxxxxxxxxxxxxx) | predictive | High
199 | Argument | xxxxxxxxxxxx_xxxx | predictive | High
200 | Argument | xxxxxx/xxxxxx/xxxx/xxxx | predictive | High
201 | Input Value | "><xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
202 | Input Value | -x/xxxxxxxxxxx | predictive | High
203 | Input Value | ../ | predictive | Low
204 | Input Value | ../.. | predictive | Low
205 | Input Value | ;[xxxxxxx] | predictive | Medium
206 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High
207 | Input Value | xxxxxxxxxx:/* | predictive | High
208 | Network Port | xxxx xxxx | predictive | Medium
209 | Network Port | xxx/xxxx | predictive | Medium
210 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
