NetWalker Analysis

IOB - Indicator of Behavior (339)

Language

en: 244
fr: 64
de: 10
ru: 6
ar: 4

Country/Region

us: 206
fr: 66
ru: 18
ch: 10
co: 8

Product

Microsoft Windows: 10
Joomla CMS: 8
Linux Kernel: 8
Microsoft IIS: 6
Apache HTTP Server: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft Windows weak authentication | 6.5 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02397 | 0.00 | CVE-2004-0540 |
| 2 | SourceCodester Library Management System index.php SQL injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00114 | 0.13 | CVE-2022-2492 |
| 3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 4 | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.00 | CVE-2010-4240 |
| 5 | Tiki TikiWiki tiki-editpage.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01194 | 0.03 | CVE-2004-1386 |
| 6 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.26 | CVE-2017-0055 |
| 7 | Apple M1 Register s3_5_c15_c10_1 M1RACLES privilege escalation | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.04 | CVE-2021-30747 |
| 8 | Microsoft SQL Server Remote Code Execution | 7.3 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00354 | 0.03 | CVE-2023-23384 |
| 9 | WordPress admin-ajax.php SQL injection | 7.3 | 7.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.05147 | 0.02 | CVE-2007-2821 |
| 10 | phpMyAdmin grab_globals.lib.php directory traversal | 4.8 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02334 | 0.35 | CVE-2005-3299 |
| 11 | Francisco Burzi PHP-Nuke Downloads Module viewsdownload SQL injection | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00187 | 0.02 | CVE-2005-0996 |
| 12 | Apple macOS WebKit memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00218 | 0.00 | CVE-2021-1844 |
| 13 | Laravel Framework Illuminate PendingCommand.php __destruct privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01269 | 0.02 | CVE-2019-9081 |
| 14 | Ecommerce Online Store Kit shop.php SQL injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03763 | 0.04 | CVE-2004-0300 |
| 15 | freeciv privilege escalation | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00412 | 0.02 | CVE-2010-2445 |
| 16 | Samba smb.conf samrchangepassword privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.75074 | 0.05 | CVE-2007-2447 |
| 17 | BestXsoftware Best Free Keylogger syscrb.exe privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00060 | 0.02 | CVE-2018-18519 |
| 18 | Trapeze TransitMaster GetSubscriber information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00168 | 0.00 | CVE-2017-14943 |
| 19 | Jenkins workspaceCleanup privilege escalation | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00254 | 0.00 | CVE-2017-2611 |
| 20 | WordPress WP_Query class-wp-query.php SQL injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.02 | CVE-2017-5611 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (187)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
