Net Crawler is an intranet worm capable of extracting credentials using credential dumpers and spreading to systems on a network over SMB by brute forcing accounts with recovered passwords and using PsExec to execute a copy of Net Crawler. 
|Enterprise||T1110||.002||Brute Force: Password Cracking||
Net Crawler uses a list of known credentials gathered through credential dumping to guess passwords to accounts as it spreads throughout a network.
|Enterprise||T1003||.001||OS Credential Dumping: LSASS Memory||
Net Crawler uses credential dumpers such as Mimikatz and Windows Credential Editor to extract cached credentials from Windows systems.
|Enterprise||T1021||.002||Remote Services: SMB/Windows Admin Shares||
Net Crawler uses Windows admin shares to establish authenticated sessions to remote systems over SMB as part of lateral movement.
|Enterprise||T1569||.002||System Services: Service Execution||
Net Crawler uses PsExec to perform remote service manipulation to execute a copy of itself as part of lateral movement.