Net Crawler

Net Crawler is an intranet worm capable of extracting credentials using credential dumpers and spreading to systems on a network over SMB by brute forcing accounts with recovered passwords and using PsExec to execute a copy of Net Crawler. [1]

ID: S0056
Aliases: Net Crawler, NetC
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

DomainIDNameUse
EnterpriseT1110Brute ForceNet Crawler uses a list of known credentials gathered through credential dumping to guess passwords to accounts as it spreads throughout a network.[1]
EnterpriseT1003Credential DumpingNet Crawler uses credential dumpers such as Mimikatz and Windows Credential Editor to extract cached credentials from Windows systems.[1]
EnterpriseT1035Service ExecutionNet Crawler uses PsExec to perform remote service manipulation to execute a copy of itself as part of lateral movement.[1]
EnterpriseT1077Windows Admin SharesNet Crawler uses Windows admin shares to establish authenticated sessions to remote systems over SMB as part of lateral movement.[1]

Groups

Groups that use this software:

Cleaver

References