NetWalker Analysis

IOB - Indicator of Behavior (339)

Language: en (240), fr (74), de (8), ru (8), it (6)

Country: us (192), fr (74), ru (16), co (10), ch (6)

Product: Microsoft Windows (14), Microsoft IIS (8), Linux Kernel (6), Jenkins (6), Joomla CMS (4)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE
1 | Microsoft Windows weak authentication | 6.5 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.02397 | CVE-2004-0540
2 | SourceCodester Library Management System index.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00114 | CVE-2022-2492
3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
4 | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00110 | CVE-2010-4240
5 | Tiki TikiWiki tiki-editpage.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.01194 | CVE-2004-1386
6 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00548 | CVE-2017-0055
7 | Apple M1 Register s3_5_c15_c10_1 M1RACLES privilege escalation | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00000 | CVE-2021-30747
8 | Microsoft SQL Server Remote Code Execution | 7.3 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00186 | CVE-2023-23384
9 | WordPress admin-ajax.php sql injection | 7.3 | 7.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.02 | 0.05147 | CVE-2007-2821
10 | phpMyAdmin grab_globals.lib.php directory traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.02334 | CVE-2005-3299
11 | Francisco Burzi PHP-Nuke Downloads Module viewsdownload sql injection | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00187 | CVE-2005-0996
12 | Apple macOS WebKit buffer overflow | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00218 | CVE-2021-1844
13 | Laravel Framework Illuminate PendingCommand.php __destruct privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01269 | CVE-2019-9081
14 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.03763 | CVE-2004-0300
15 | freeciv privilege escalation | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00412 | CVE-2010-2445
16 | Samba smb.conf samrchangepassword privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.75074 | CVE-2007-2447
17 | BestXsoftware Best Free Keylogger syscrb.exe privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00060 | CVE-2018-18519
18 | Trapeze TransitMaster GetSubscriber information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00168 | CVE-2017-14943
19 | Jenkins workspaceCleanup privilege escalation | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00254 | CVE-2017-2611
20 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00318 | CVE-2017-5611

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (187)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
