NetWalker Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (339)

Lang

en	238
fr	74
ar	6
es	6
it	6

Land

us	200
fr	72
ru	18
ar	6
co	6

Skådespelare

NetWalker	5
Cobalt Strike	2
Conti	2
FIN6	1
Aurora Stealer	1

Intressera

Typ

Not Defined	108
Content Management System	28
Operating System	22
Web Server	18
Web Browser	16

Säljare

Not Defined	100
Microsoft	24
Linux	12
Google	12
BigTree	10

Produkt

Linux Kernel	12
Microsoft Windows	10
BigTree CMS	10
Google Chrome	8
Jenkins	8

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Microsoft Windows svag autentisering	6.5	6.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02397	0.00	CVE-2004-0540
2	SourceCodester Library Management System index.php sql injektion	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00114	0.24	CVE-2022-2492
3	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
4	Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00110	0.00	CVE-2010-4240
5	Tiki TikiWiki tiki-editpage.php privilegier eskalering	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01194	0.03	CVE-2004-1386
6	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.14	CVE-2017-0055
7	Apple M1 Register s3_5_c15_c10_1 M1RACLES privilegier eskalering	8.8	8.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00000	0.04	CVE-2021-30747
8	Microsoft SQL Server Remote Code Execution	7.3	7.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00354	0.03	CVE-2023-23384
9	WordPress admin-ajax.php sql injektion	7.3	7.3	$25k-$100k	$0-$5k	High	Official Fix	0.05147	0.02	CVE-2007-2821
10	phpMyAdmin grab_globals.lib.php kataloggenomgång	4.8	4.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02334	0.38	CVE-2005-3299
11	Francisco Burzi PHP-Nuke Downloads Module viewsdownload sql injektion	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00187	0.02	CVE-2005-0996
12	Apple macOS WebKit minneskorruption	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00218	0.00	CVE-2021-1844
13	Laravel Framework Illuminate PendingCommand.php __destruct privilegier eskalering	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01269	0.02	CVE-2019-9081
14	Ecommerce Online Store Kit shop.php sql injektion	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03763	0.04	CVE-2004-0300
15	freeciv privilegier eskalering	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00412	0.02	CVE-2010-2445
16	Samba smb.conf samrchangepassword privilegier eskalering	6.3	6.0	$0-$5k	$0-$5k	High	Official Fix	0.75074	0.05	CVE-2007-2447
17	BestXsoftware Best Free Keylogger syscrb.exe privilegier eskalering	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00060	0.02	CVE-2018-18519
18	Trapeze TransitMaster GetSubscriber informationsgivning	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00168	0.00	CVE-2017-14943
19	Jenkins workspaceCleanup privilegier eskalering	5.3	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00254	0.00	CVE-2017-2611
20	WordPress WP_Query class-wp-query.php sql injektion	8.5	8.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00318	0.02	CVE-2017-5611

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	93.179.69.154		NetWalker	26/04/2022	verified	Hög
2	141.98.81.191		NetWalker	26/04/2022	verified	Hög
3	XXX.XXX.XXX.XX		Xxxxxxxxx	26/04/2022	verified	Hög
4	XXX.XXX.XXX.XX		Xxxxxxxxx	26/04/2022	verified	Hög
5	XXX.XXX.XX.XX		Xxxxxxxxx	26/04/2022	verified	Hög
6	XXX.XX.XXX.XXX	xxx-xxx-xx-xxx-xxx.xx.xxx.xx.xxx	Xxxxxxxxx	26/04/2022	verified	Hög
7	XXX.XXX.XXX.XXX		Xxxxxxxxx	26/04/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-19, CWE-20, CWE-59, CWE-61, CWE-73, CWE-119, CWE-120, CWE-121, CWE-122, CWE-125, CWE-189, CWE-190, CWE-287, CWE-288, CWE-290, CWE-306, CWE-352, CWE-362, CWE-399, CWE-400, CWE-404, CWE-416, CWE-444, CWE-476, CWE-502, CWE-787, CWE-789, CWE-862, CWE-863, CWE-918	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
3	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	predictive	Hög
4	T1059	CAPEC-10	CWE-74, CWE-94, CWE-707	Argument Injection	predictive	Hög
5	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
10	TXXXX	CAPEC-0	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
11	TXXXX.XXX	CAPEC-147	CWE-XXX, CWE-XXX, CWE-XXXX	Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx	predictive	Hög
12	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
13	TXXXX	CAPEC-102	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
14	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Hög
15	TXXXX.XXX	CAPEC-114	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
16	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
17	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög
18	TXXXX.XXX	CAPEC-112	CWE-XXX, CWE-XXX, CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Hög
19	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (187)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/+CSCOE+/logon.html	predictive	Hög
2	File	/admin/ajax/file-browser/upload/	predictive	Hög
3	File	/admin/api/theme-edit/	predictive	Hög
4	File	/apply_noauth.cgi	predictive	Hög
5	File	/cgi-bin/wapopen	predictive	Hög
6	File	/cgi-bin/wlogin.cgi	predictive	Hög
7	File	/config.cgi?webmin	predictive	Hög
8	File	/core/feeds/custom.php	predictive	Hög
9	File	/home/masterConsole	predictive	Hög
10	File	/index.php	predictive	Medium
11	File	/lib/	predictive	Låg
12	File	/manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1	predictive	Hög
13	File	/phppath/php	predictive	Medium
14	File	/public/login.htm	predictive	Hög
15	File	/public_main_modul.php	predictive	Hög
16	File	/rom-0	predictive	Låg
17	File	/uncpath/	predictive	Medium
18	File	/usr/bin/pkexec	predictive	Hög
19	File	/var/run/beaker/container_file/	predictive	Hög
20	File	/wireless/basic.asp	predictive	Hög
21	File	/wireless/guestnetwork.asp	predictive	Hög
22	File	/wordpress/wp-admin/options-general.php	predictive	Hög
23	File	/xxxxxxxxxxxxxxxx	predictive	Hög
24	File	x.x.x\xxxxxx.xxx	predictive	Hög
25	File	xxxxx.xxx/xxxxx-x.x.xxx/xxxxxxx.xxx/xxxx.xxx	predictive	Hög
26	File	xxxx/xxx	predictive	Medium
27	File	xxxxxxxxxx_xxxxxxxxxx.xxx	predictive	Hög
28	File	xxxxxxx.xxx	predictive	Medium
29	File	xxxxx-xxxx.xxx	predictive	Hög
30	File	xxxxx/xxx_xxxxxxx.xxx	predictive	Hög
31	File	xxxxx/xxxxxxx_xxxxxx.xxx	predictive	Hög
32	File	xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx	predictive	Hög
33	File	xxxxxx.xxx	predictive	Medium
34	File	xxxx.xxx	predictive	Medium
35	File	xxxxx-xxx.x	predictive	Medium
36	File	xxxxxxx.xx	predictive	Medium
37	File	xxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Hög
38	File	xxx/xxxxxxx.xx	predictive	Hög
39	File	xxxxx.xx_xxxxxxxxx.xxx	predictive	Hög
40	File	xxxxxxxx/xxxxxxxxxx.xxxx	predictive	Hög
41	File	xxxx/xxxxx/xxxxxxx/xxxxxxxxx/xxxxxxx/xxxxx/xxx.xxx	predictive	Hög
42	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Hög
43	File	xxxxx.xxx	predictive	Medium
44	File	xxxxxxxx/xxxxxxx_xxxxxxx.xxx	predictive	Hög
45	File	xxxxxxxx.xxx	predictive	Medium
46	File	xxx_xxxx.x	predictive	Medium
47	File	xxxxxxxx/xxxxxxx/xxxxxxxxxxxx.xxx	predictive	Hög
48	File	xx/xxxxx/xxxxxxx.x	predictive	Hög
49	File	xxx_xxxx.xxx	predictive	Medium
50	File	xx_xxxxxxx.x	predictive	Medium
51	File	xxxx_xxxxxxx.xxx.xxx	predictive	Hög
52	File	xxx/xxxxxx/xxxxxxx.x	predictive	Hög
53	File	xx_xxxxxxx.x	predictive	Medium
54	File	xxxxx_xxxxxx.xxx	predictive	Hög
55	File	xxx/xxxxxx.xxx	predictive	Hög
56	File	xxxxxxx.xxx	predictive	Medium
57	File	xxxxxxx/xxxxx/xxx_xxxx.x	predictive	Hög
58	File	xxxxxxxx/xxxxx/xxxxx/xxxx-xxxxxxx-xxxxxxxxx-xxxxxxx-xxxxx.xxx	predictive	Hög
59	File	xxxxx.xx	predictive	Medium
60	File	xxxxx.xxx	predictive	Medium
61	File	xxxxx.xxx	predictive	Medium
62	File	xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx	predictive	Hög
63	File	xxxxxxxxxxxx.xxx	predictive	Hög
64	File	xxxx_xxxx.xxx	predictive	Hög
65	File	x_xxxxxx.xxx	predictive	Medium
66	File	xxxxxx/xxxxxx.x	predictive	Hög
67	File	xxxxxxxxx/xxxxxx.xxx.xxx	predictive	Hög
68	File	xxxxx.xxx	predictive	Medium
69	File	xxx_xxxxx_xxx.xxx	predictive	Hög
70	File	xxxxxxxxxxxxxxxx.xxxx/xxxxxxxxxxxxx	predictive	Hög
71	File	xxxxxx/xxxxxx_xxxx.xxx	predictive	Hög
72	File	xxxxxxxx.xx	predictive	Medium
73	File	xxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Hög
74	File	xxx_xxxxx_xxxx.x	predictive	Hög
75	File	xxx.x	predictive	Låg
76	File	xxxxxxxxxxxxxx.xxx	predictive	Hög
77	File	xxxxxxx.xxx	predictive	Medium
78	File	xxxxxxxxxxxxxx.xxx	predictive	Hög
79	File	xxxxxxx.xxx	predictive	Medium
80	File	xxxxxxxxxx.xxx	predictive	Hög
81	File	xxxxx.xxxx	predictive	Medium
82	File	xxxxxxxx.xxx	predictive	Medium
83	File	xxxxxxxx.xxx	predictive	Medium
84	File	xxxxxxxx.xxx	predictive	Medium
85	File	xxxxxx_xxxxxx.xxx	predictive	Hög
86	File	xxxxxx.xxxx	predictive	Medium
87	File	xxxxxx_xxxx.xxx	predictive	Hög
88	File	xxxx.xxx	predictive	Medium
89	File	xxxx/xxxxx.xxx/xxxxx/xxxxx/xxxxxx	predictive	Hög
90	File	xxx.xxxx	predictive	Medium
91	File	xxx/xxxxxxx/xxxxxxx/xxxxxxxxx.xx	predictive	Hög
92	File	xxx/xxxxx.xx	predictive	Medium
93	File	xxxxxxx-xxxxxxxx.xxx	predictive	Hög
94	File	xxxxxxx.xxx	predictive	Medium
95	File	xxx/xxxxx/xxxxxx.xxx?xxxxxxx=xxxxxxx	predictive	Hög
96	File	xxxx-xxxxxxxx.xxx	predictive	Hög
97	File	xxxx-xxxx_xxxx_xxxxxxx.xxx	predictive	Hög
98	File	xxx-xxxxxxx.x	predictive	Hög
99	File	xx_xxxxx.xxxx	predictive	Hög
100	File	xxxxxx.xxx	predictive	Medium
101	File	xxxx.xxxx	predictive	Medium
102	File	xxxxx.xxxxxx.xxxxxxx.xxx	predictive	Hög
103	File	xxxxxxxx.xxx	predictive	Medium
104	File	xxxxxxxxxx/xxx/xxx_xxxxx.xxx	predictive	Hög
105	File	xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxx_xxxxxx_xxxxxx	predictive	Hög
106	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Hög
107	File	xxxxxxx/xxxxxx/xxxxx.xxx	predictive	Hög
108	File	xxxx.xx	predictive	Låg
109	File	xxxx/xxx.x	predictive	Medium
110	Library	/xxx/xxx/xxx	predictive	Medium
111	Library	xxxxxxx.xxx	predictive	Medium
112	Library	xxxxxxxx.xxx	predictive	Medium
113	Argument	$xxxx["xx"]	predictive	Medium
114	Argument	$_xxxxxx['xxx_xxxx']	predictive	Hög
115	Argument	-x	predictive	Låg
116	Argument	.xxx.x.x.x.x.x.xx.x.x.x.x.x.x.x.x.x.x.x	predictive	Hög
117	Argument	xx/xx	predictive	Låg
118	Argument	xxxxxxx	predictive	Låg
119	Argument	xxx_xxxx	predictive	Medium
120	Argument	xxxxxxxx	predictive	Medium
121	Argument	xxxx	predictive	Låg
122	Argument	xxxxx_xx	predictive	Medium
123	Argument	xxx	predictive	Låg
124	Argument	xxxxxxxxxxxxxxx	predictive	Hög
125	Argument	xxxxx	predictive	Låg
126	Argument	xxxxxxx_xxx	predictive	Medium
127	Argument	xxxx_xx	predictive	Låg
128	Argument	xxxxxxx	predictive	Låg
129	Argument	xxxx_xxxxx	predictive	Medium
130	Argument	xxxxxx	predictive	Låg
131	Argument	xxxxxx	predictive	Låg
132	Argument	xxxx/xxxx	predictive	Medium
133	Argument	xxxx	predictive	Låg
134	Argument	xxxxxx_xxx_xx	predictive	Hög
135	Argument	xxxxxxxx_xx	predictive	Medium
136	Argument	xxxxx_xx	predictive	Medium
137	Argument	xxxxxx	predictive	Låg
138	Argument	xxxxx	predictive	Låg
139	Argument	xxxxxxxxxx	predictive	Medium
140	Argument	xxx_xxxxx_xx	predictive	Medium
141	Argument	xxxxxxx[xx_xxx_xxxx]	predictive	Hög
142	Argument	xxxxxxxx	predictive	Medium
143	Argument	xxxx	predictive	Låg
144	Argument	xxxxxxx/xxxxxxxxxxx	predictive	Hög
145	Argument	xxxx	predictive	Låg
146	Argument	xx	predictive	Låg
147	Argument	xxx/xxxx	predictive	Medium
148	Argument	xxxx	predictive	Låg
149	Argument	xxxx	predictive	Låg
150	Argument	xxx	predictive	Låg
151	Argument	xxx	predictive	Låg
152	Argument	xxxxxx	predictive	Låg
153	Argument	xxx	predictive	Låg
154	Argument	xxxx	predictive	Låg
155	Argument	xxxxxxx	predictive	Låg
156	Argument	xxxx	predictive	Låg
157	Argument	xxxxxxxx	predictive	Medium
158	Argument	xxxxxxxx	predictive	Medium
159	Argument	xxxx_xxx	predictive	Medium
160	Argument	xxxxxxxx	predictive	Medium
161	Argument	xxxxx	predictive	Låg
162	Argument	xxxxx	predictive	Låg
163	Argument	xxxxxx	predictive	Låg
164	Argument	xxx	predictive	Låg
165	Argument	xxxxxxxxxxxx	predictive	Medium
166	Argument	xxxxx	predictive	Låg
167	Argument	xx_xxxx	predictive	Låg
168	Argument	xxxxxxxxx	predictive	Medium
169	Argument	xxxx	predictive	Låg
170	Argument	xxxx/xxxx/xxx	predictive	Hög
171	Argument	xxxxxx	predictive	Låg
172	Argument	xxxxxx	predictive	Låg
173	Argument	xxxxxxxx	predictive	Medium
174	Argument	xxxxxxxx/xxxxxxxx	predictive	Hög
175	Argument	xxxxxxxxxxxxxx)	predictive	Hög
176	Argument	xxxxxxxxxxxx_xxxx	predictive	Hög
177	Argument	xxxxxx/xxxxxx/xxxx/xxxx	predictive	Hög
178	Input Value	"><xxxxxx>xxxxx(x)</xxxxxx>	predictive	Hög
179	Input Value	-x/xxxxxxxxxx	predictive	Hög
180	Input Value	../	predictive	Låg
181	Input Value	../..	predictive	Låg
182	Input Value	;[xxxxxxx]	predictive	Medium
183	Input Value	xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx	predictive	Hög
184	Input Value	xxxxxxxxxx:/*	predictive	Hög
185	Network Port	xxxx xxxx	predictive	Medium
186	Network Port	xxx/xxxx	predictive	Medium
187	Network Port	xxx xxxxxx xxxx	predictive	Hög

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!