ioc[.]one - OSINT Cyber Threat Intelligence Database

Reflective Loading Runs Netwalker Fileless Ransomware

Tags

attack-pattern:

Data Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Credential Dumping - T1003 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	4363550b-2608-47f6-8871-0bf5f131fab1
Fingerprint	a553a9ba0067ae4c
Analysis status	DONE
Considered CTI value	0
Text language
Published	May 18, 2020, midnight
Added to db	Oct. 15, 2024, 5:33 p.m.
Last updated	Nov. 18, 2024, 12:28 p.m.
Headline	Reflective Loading Runs Netwalker Fileless Ransomware
Title	Reflective Loading Runs Netwalker Fileless Ransomware
Detected Hints/Tags/Attributes	45/1/10

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_ca/research/20/e/netwalker-fileless-ransomware-injected-via-reflective-loading.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

Attributes

Details	Type	#Events	CTI	Value
Details	File	11		ransom.ps1
Details	File	1260		explorer.exe
Details	File	5		kernell32.dll
Details	File	199		excel.exe
Details	File	29		ntrtscan.exe
Details	File	92		powerpnt.exe
Details	File	323		winword.exe
Details	File	20		wrsa.exe
Details	sha256	1		f4656a9af30e98ed2103194f798fa00fd1686618e3e62fba6b15c9959135b7be
Details	Windows Registry Key	15		HKEY_CURRENT_USER\SOFTWARE