Netwalker
Techniques Used

| Domain | ID | | Name | Use |
|---|---|---|---|---|
| Enterprise | T1059 | .001 | Command and Scripting Interpreter: PowerShell | Netwalker has been written in PowerShell and executed directly in memory, avoiding detection.(Citation: TrendMicro Netwalker May 2020)(Citation: Sophos Netwalker May 2020) |
| | | .003 | Command and Scripting Interpreter: Windows Command Shell | Operators deploying Netwalker have used batch scripts to retrieve the Netwalker payload.(Citation: Sophos Netwalker May 2020) |
| Enterprise | T1562 | .001 | Impair Defenses: Disable or Modify Tools | Netwalker can detect and terminate active security software-related processes on infected systems.(Citation: TrendMicro Netwalker May 2020)(Citation: Sophos Netwalker May 2020) |
| Enterprise | T1027 | .009 | Obfuscated Files or Information: Embedded Payloads | Netwalker's DLL has been embedded within the PowerShell script in hex format.(Citation: TrendMicro Netwalker May 2020) |
| | | .010 | Obfuscated Files or Information: Command Obfuscation | Netwalker's PowerShell script has been obfuscated with multiple layers including base64 and hexadecimal encoding and XOR-encryption, as well as obfuscated PowerShell functions and variables.(Citation: TrendMicro Netwalker May 2020)(Citation: Sophos Netwalker May 2020) |
| Enterprise | T1055 | .001 | Process Injection: Dynamic-link Library Injection | The Netwalker DLL has been injected reflectively into the memory of a legitimate running process.(Citation: TrendMicro Netwalker May 2020) |
| Enterprise | T1518 | .001 | Software Discovery: Security Software Discovery | Netwalker can detect and terminate active security software-related processes on infected systems.(Citation: TrendMicro Netwalker May 2020) |
| Enterprise | T1569 | .002 | System Services: Service Execution | Operators deploying Netwalker have used psexec and certutil to retrieve the Netwalker payload.(Citation: Sophos Netwalker May 2020) |