Skip to content

Hide Navigation Hide TOC

Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704)

Net Crawler is an intranet worm capable of extracting credentials using credential dumpers and spreading to systems on a network over SMB by brute forcing accounts with recovered passwords and using PsExec to execute a copy of Net Crawler. (Citation: Cylance Cleaver)

Cluster A Galaxy A Cluster B Galaxy B Level
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 1
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 1
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware NetC (0bc03bfa-1439-4162-bb33-ec9f8f952ee5) Malpedia 1
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware 1
Net Crawler - S0056 (fde50aaa-f5de-4cb8-989a-babb57d6a704) Malware LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern 1
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
Password Cracking - T1110.002 (1d24cdee-9ea2-4189-b08e-af110bf2435d) Attack Pattern Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) Attack Pattern 2
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2