Names | Net Crawler NetC | |
Category | Malware | |
Type | Reconnaissance, Worm, Credential stealer, Info stealer | |
Description | (Cylance) NetC is a tool developed in C# and has been observed being obfuscated with SmartAssembly, which is a tool used by legitimate businesses as well as .NET malware authors. Both known samples of NetC were compiled in April and May of 2013. It has the capability to run commands on all computers in the domain with credentials extracted from the initially compromised host. This capability allows it to operate as a utility for pivoting once a computer on the network has already been compromised. It also has the functionality to spread to other computers in the network, and then call itself again, worming throughout the network, returning harvested credentials and command results. | |
Information | <https://threatvector.cylance.com/en_us/home/operation-cleaver-net-crawler.html> | |
MITRE ATT&CK | <https://attack.mitre.org/software/S0056/> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.netc> |
Last change to this tool card: 23 April 2020
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
Cutting Kitten, TG-2889 | 2012-Mar 2016 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |