Netwalker
NetWalker ransomware group operates by the threat actor known as "CIRCUS SPIDER". The NetWalker ransomware was discovered in 2019. The group mainly targeting the Asia Pacific region but can attack globally. The group uses common attacking tools like Mimikatz and other legitimate tools (LOLBINS) like PSTools, AnyDesk, TeamViewer, NLBrute, and more. The group knowing by targeting the healthcare sector. Finally, in January 2021, Netwalker was takedown by the authorities, the police have confiscated hundreds of thousands of dollars in ransom payments collected by the Netwalker group, and they seized servers and disrupted the infrastructure and the darknet websites of the Netwalker ransomware group.
External information
Victims
26
First Discovered
victim2020-01-31
Last Discovered
victim2020-12-12
Avg Delay
between attack and claimN/A
Infostealer
for victim with domainN/A
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | FQDN | |
|---|---|---|---|---|---|---|
|
None | No | 2025-06-01 21:19:12 | rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion |
Target (Available)
Top 5 Activity Sectors
- Healthcare and Public Health 5
- Energy 4
- Information Technology 4
- Critical Manufacturing 4
- Education Facilities 3
Top 5 Countries
-
United States
13
-
Canada
3
-
Australia
2
-
Austria
1
-
Argentina
1
Heatmap (Available)
Ransom Notes (1)
Tools Used (Available)
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
|
AdFind
|
|
|
Mimikatz
ProcDump
|
Cobalt Strike
|
|
PsExec
|
|
Vulnerabilities Exploited (0)
No vulnerabilities exploited available.
TTPs Matrix (0)
No TTPs available.
Negotiation Chats (0)
No negotiation chats available.
YARA Rules (1)
Indicators of Compromise (IoCs) (0)
No IoCs available for this group.
Victims (26)
Direccion Nacional de Migraciones (Argentina's official immigration agency)
Netwalker
Discovery Date: 2020-08-27
N/A