NetWalker Analys
IOB - Indicator of Behavior (339)
Aktiviteter
Intressera
Sårbarheter
IOC - Indicator of Compromise (7)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
ID | IP-adress | Hostname | Skådespelare | Kampanjer | Identified | Typ | Förtroende |
---|---|---|---|---|---|---|---|
1 | 93.179.69.154 | NetWalker | 26/04/2022 | verified | Hög | ||
2 | 141.98.81.191 | NetWalker | 26/04/2022 | verified | Hög | ||
3 | XXX.XXX.XXX.XX | Xxxxxxxxx | 26/04/2022 | verified | Hög | ||
4 | XXX.XXX.XXX.XX | Xxxxxxxxx | 26/04/2022 | verified | Hög | ||
5 | XXX.XXX.XX.XX | Xxxxxxxxx | 26/04/2022 | verified | Hög | ||
6 | XXX.XX.XXX.XXX | xxx-xxx-xx-xxx-xxx.xx.xxx.xx.xxx | Xxxxxxxxx | 26/04/2022 | verified | Hög | |
7 | XXX.XXX.XXX.XXX | Xxxxxxxxx | 26/04/2022 | verified | Hög |
TTP - Tactics, Techniques, Procedures (19)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (187)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Klass | Indicator | Typ | Förtroende |
---|---|---|---|---|
1 | File | /+CSCOE+/logon.html | predictive | Hög |
2 | File | /admin/ajax/file-browser/upload/ | predictive | Hög |
3 | File | /admin/api/theme-edit/ | predictive | Hög |
4 | File | /apply_noauth.cgi | predictive | Hög |
5 | File | /cgi-bin/wapopen | predictive | Hög |
6 | File | /cgi-bin/wlogin.cgi | predictive | Hög |
7 | File | /config.cgi?webmin | predictive | Hög |
8 | File | /core/feeds/custom.php | predictive | Hög |
9 | File | /home/masterConsole | predictive | Hög |
10 | File | /index.php | predictive | Medium |
11 | File | /lib/ | predictive | Låg |
12 | File | /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 | predictive | Hög |
13 | File | /phppath/php | predictive | Medium |
14 | File | /public/login.htm | predictive | Hög |
15 | File | /public_main_modul.php | predictive | Hög |
16 | File | /rom-0 | predictive | Låg |
17 | File | /uncpath/ | predictive | Medium |
18 | File | /usr/bin/pkexec | predictive | Hög |
19 | File | /var/run/beaker/container_file/ | predictive | Hög |
20 | File | /wireless/basic.asp | predictive | Hög |
21 | File | /wireless/guestnetwork.asp | predictive | Hög |
22 | File | /wordpress/wp-admin/options-general.php | predictive | Hög |
23 | File | /xxxxxxxxxxxxxxxx | predictive | Hög |
24 | File | x.x.x\xxxxxx.xxx | predictive | Hög |
25 | File | xxxxx.xxx/xxxxx-x.x.xxx/xxxxxxx.xxx/xxxx.xxx | predictive | Hög |
26 | File | xxxx/xxx | predictive | Medium |
27 | File | xxxxxxxxxx_xxxxxxxxxx.xxx | predictive | Hög |
28 | File | xxxxxxx.xxx | predictive | Medium |
29 | File | xxxxx-xxxx.xxx | predictive | Hög |
30 | File | xxxxx/xxx_xxxxxxx.xxx | predictive | Hög |
31 | File | xxxxx/xxxxxxx_xxxxxx.xxx | predictive | Hög |
32 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | Hög |
33 | File | xxxxxx.xxx | predictive | Medium |
34 | File | xxxx.xxx | predictive | Medium |
35 | File | xxxxx-xxx.x | predictive | Medium |
36 | File | xxxxxxx.xx | predictive | Medium |
37 | File | xxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | Hög |
38 | File | xxx/xxxxxxx.xx | predictive | Hög |
39 | File | xxxxx.xx_xxxxxxxxx.xxx | predictive | Hög |
40 | File | xxxxxxxx/xxxxxxxxxx.xxxx | predictive | Hög |
41 | File | xxxx/xxxxx/xxxxxxx/xxxxxxxxx/xxxxxxx/xxxxx/xxx.xxx | predictive | Hög |
42 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | Hög |
43 | File | xxxxx.xxx | predictive | Medium |
44 | File | xxxxxxxx/xxxxxxx_xxxxxxx.xxx | predictive | Hög |
45 | File | xxxxxxxx.xxx | predictive | Medium |
46 | File | xxx_xxxx.x | predictive | Medium |
47 | File | xxxxxxxx/xxxxxxx/xxxxxxxxxxxx.xxx | predictive | Hög |
48 | File | xx/xxxxx/xxxxxxx.x | predictive | Hög |
49 | File | xxx_xxxx.xxx | predictive | Medium |
50 | File | xx_xxxxxxx.x | predictive | Medium |
51 | File | xxxx_xxxxxxx.xxx.xxx | predictive | Hög |
52 | File | xxx/xxxxxx/xxxxxxx.x | predictive | Hög |
53 | File | xx_xxxxxxx.x | predictive | Medium |
54 | File | xxxxx_xxxxxx.xxx | predictive | Hög |
55 | File | xxx/xxxxxx.xxx | predictive | Hög |
56 | File | xxxxxxx.xxx | predictive | Medium |
57 | File | xxxxxxx/xxxxx/xxx_xxxx.x | predictive | Hög |
58 | File | xxxxxxxx/xxxxx/xxxxx/xxxx-xxxxxxx-xxxxxxxxx-xxxxxxx-xxxxx.xxx | predictive | Hög |
59 | File | xxxxx.xx | predictive | Medium |
60 | File | xxxxx.xxx | predictive | Medium |
61 | File | xxxxx.xxx | predictive | Medium |
62 | File | xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx | predictive | Hög |
63 | File | xxxxxxxxxxxx.xxx | predictive | Hög |
64 | File | xxxx_xxxx.xxx | predictive | Hög |
65 | File | x_xxxxxx.xxx | predictive | Medium |
66 | File | xxxxxx/xxxxxx.x | predictive | Hög |
67 | File | xxxxxxxxx/xxxxxx.xxx.xxx | predictive | Hög |
68 | File | xxxxx.xxx | predictive | Medium |
69 | File | xxx_xxxxx_xxx.xxx | predictive | Hög |
70 | File | xxxxxxxxxxxxxxxx.xxxx/xxxxxxxxxxxxx | predictive | Hög |
71 | File | xxxxxx/xxxxxx_xxxx.xxx | predictive | Hög |
72 | File | xxxxxxxx.xx | predictive | Medium |
73 | File | xxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | Hög |
74 | File | xxx_xxxxx_xxxx.x | predictive | Hög |
75 | File | xxx.x | predictive | Låg |
76 | File | xxxxxxxxxxxxxx.xxx | predictive | Hög |
77 | File | xxxxxxx.xxx | predictive | Medium |
78 | File | xxxxxxxxxxxxxx.xxx | predictive | Hög |
79 | File | xxxxxxx.xxx | predictive | Medium |
80 | File | xxxxxxxxxx.xxx | predictive | Hög |
81 | File | xxxxx.xxxx | predictive | Medium |
82 | File | xxxxxxxx.xxx | predictive | Medium |
83 | File | xxxxxxxx.xxx | predictive | Medium |
84 | File | xxxxxxxx.xxx | predictive | Medium |
85 | File | xxxxxx_xxxxxx.xxx | predictive | Hög |
86 | File | xxxxxx.xxxx | predictive | Medium |
87 | File | xxxxxx_xxxx.xxx | predictive | Hög |
88 | File | xxxx.xxx | predictive | Medium |
89 | File | xxxx/xxxxx.xxx/xxxxx/xxxxx/xxxxxx | predictive | Hög |
90 | File | xxx.xxxx | predictive | Medium |
91 | File | xxx/xxxxxxx/xxxxxxx/xxxxxxxxx.xx | predictive | Hög |
92 | File | xxx/xxxxx.xx | predictive | Medium |
93 | File | xxxxxxx-xxxxxxxx.xxx | predictive | Hög |
94 | File | xxxxxxx.xxx | predictive | Medium |
95 | File | xxx/xxxxx/xxxxxx.xxx?xxxxxxx=xxxxxxx | predictive | Hög |
96 | File | xxxx-xxxxxxxx.xxx | predictive | Hög |
97 | File | xxxx-xxxx_xxxx_xxxxxxx.xxx | predictive | Hög |
98 | File | xxx-xxxxxxx.x | predictive | Hög |
99 | File | xx_xxxxx.xxxx | predictive | Hög |
100 | File | xxxxxx.xxx | predictive | Medium |
101 | File | xxxx.xxxx | predictive | Medium |
102 | File | xxxxx.xxxxxx.xxxxxxx.xxx | predictive | Hög |
103 | File | xxxxxxxx.xxx | predictive | Medium |
104 | File | xxxxxxxxxx/xxx/xxx_xxxxx.xxx | predictive | Hög |
105 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxx_xxxxxx_xxxxxx | predictive | Hög |
106 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | Hög |
107 | File | xxxxxxx/xxxxxx/xxxxx.xxx | predictive | Hög |
108 | File | xxxx.xx | predictive | Låg |
109 | File | xxxx/xxx.x | predictive | Medium |
110 | Library | /xxx/xxx/xxx | predictive | Medium |
111 | Library | xxxxxxx.xxx | predictive | Medium |
112 | Library | xxxxxxxx.xxx | predictive | Medium |
113 | Argument | $xxxx["xx"] | predictive | Medium |
114 | Argument | $_xxxxxx['xxx_xxxx'] | predictive | Hög |
115 | Argument | -x | predictive | Låg |
116 | Argument | .xxx.x.x.x.x.x.xx.x.x.x.x.x.x.x.x.x.x.x | predictive | Hög |
117 | Argument | xx/xx | predictive | Låg |
118 | Argument | xxxxxxx | predictive | Låg |
119 | Argument | xxx_xxxx | predictive | Medium |
120 | Argument | xxxxxxxx | predictive | Medium |
121 | Argument | xxxx | predictive | Låg |
122 | Argument | xxxxx_xx | predictive | Medium |
123 | Argument | xxx | predictive | Låg |
124 | Argument | xxxxxxxxxxxxxxx | predictive | Hög |
125 | Argument | xxxxx | predictive | Låg |
126 | Argument | xxxxxxx_xxx | predictive | Medium |
127 | Argument | xxxx_xx | predictive | Låg |
128 | Argument | xxxxxxx | predictive | Låg |
129 | Argument | xxxx_xxxxx | predictive | Medium |
130 | Argument | xxxxxx | predictive | Låg |
131 | Argument | xxxxxx | predictive | Låg |
132 | Argument | xxxx/xxxx | predictive | Medium |
133 | Argument | xxxx | predictive | Låg |
134 | Argument | xxxxxx_xxx_xx | predictive | Hög |
135 | Argument | xxxxxxxx_xx | predictive | Medium |
136 | Argument | xxxxx_xx | predictive | Medium |
137 | Argument | xxxxxx | predictive | Låg |
138 | Argument | xxxxx | predictive | Låg |
139 | Argument | xxxxxxxxxx | predictive | Medium |
140 | Argument | xxx_xxxxx_xx | predictive | Medium |
141 | Argument | xxxxxxx[xx_xxx_xxxx] | predictive | Hög |
142 | Argument | xxxxxxxx | predictive | Medium |
143 | Argument | xxxx | predictive | Låg |
144 | Argument | xxxxxxx/xxxxxxxxxxx | predictive | Hög |
145 | Argument | xxxx | predictive | Låg |
146 | Argument | xx | predictive | Låg |
147 | Argument | xxx/xxxx | predictive | Medium |
148 | Argument | xxxx | predictive | Låg |
149 | Argument | xxxx | predictive | Låg |
150 | Argument | xxx | predictive | Låg |
151 | Argument | xxx | predictive | Låg |
152 | Argument | xxxxxx | predictive | Låg |
153 | Argument | xxx | predictive | Låg |
154 | Argument | xxxx | predictive | Låg |
155 | Argument | xxxxxxx | predictive | Låg |
156 | Argument | xxxx | predictive | Låg |
157 | Argument | xxxxxxxx | predictive | Medium |
158 | Argument | xxxxxxxx | predictive | Medium |
159 | Argument | xxxx_xxx | predictive | Medium |
160 | Argument | xxxxxxxx | predictive | Medium |
161 | Argument | xxxxx | predictive | Låg |
162 | Argument | xxxxx | predictive | Låg |
163 | Argument | xxxxxx | predictive | Låg |
164 | Argument | xxx | predictive | Låg |
165 | Argument | xxxxxxxxxxxx | predictive | Medium |
166 | Argument | xxxxx | predictive | Låg |
167 | Argument | xx_xxxx | predictive | Låg |
168 | Argument | xxxxxxxxx | predictive | Medium |
169 | Argument | xxxx | predictive | Låg |
170 | Argument | xxxx/xxxx/xxx | predictive | Hög |
171 | Argument | xxxxxx | predictive | Låg |
172 | Argument | xxxxxx | predictive | Låg |
173 | Argument | xxxxxxxx | predictive | Medium |
174 | Argument | xxxxxxxx/xxxxxxxx | predictive | Hög |
175 | Argument | xxxxxxxxxxxxxx) | predictive | Hög |
176 | Argument | xxxxxxxxxxxx_xxxx | predictive | Hög |
177 | Argument | xxxxxx/xxxxxx/xxxx/xxxx | predictive | Hög |
178 | Input Value | "><xxxxxx>xxxxx(x)</xxxxxx> | predictive | Hög |
179 | Input Value | -x/xxxxxxxxxx | predictive | Hög |
180 | Input Value | ../ | predictive | Låg |
181 | Input Value | ../.. | predictive | Låg |
182 | Input Value | ;[xxxxxxx] | predictive | Medium |
183 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | Hög |
184 | Input Value | xxxxxxxxxx:/* | predictive | Hög |
185 | Network Port | xxxx xxxx | predictive | Medium |
186 | Network Port | xxx/xxxx | predictive | Medium |
187 | Network Port | xxx xxxxxx xxxx | predictive | Hög |
Referenser (2)
The following list contains external sources which discuss the actor and the associated activities: