Netwalker

Description

External Analysis
https://threatpost.com/netwalker-ransomware-suspect-charged/163405
https://www.cybereason.com/blog/cybereason-vs.-netwalker-ransomware
https://www.ncsc.org/trends/monthly-trends-articles/2020/netwalker-ransomware
https://0x00-0x7f.github.io/Netwalker-from-Powershell-reflective-loader-to-injected-Dll/
https://blog.talosintelligence.com/2020/09/CTIR-quarterly-trends-Q4-2020.html
https://blog.trendmicro.com/trendlabs-security-intelligence/netwalker-fileless-ransomware-injected-via-reflective-loading/
https://blogs.blackberry.com/en/2021/03/zerologon-to-ransomware
https://cert-agid.gov.it/news/netwalker-il-ransomware-che-ha-beffato-lintera-community/
https://cti-league.com/wp-content/uploads/2021/02/CTI-League-Darknet-Report-2021.pdf
https://danusminimus.github.io/Zero2Auto-Netwalker-Walkthrough/
https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3
https://download.microsoft.com/download/f/8/1/f816b8b6-bee3-41e5-b6cc-e925a5688f61/Microsoft_Digital_Defense_Report_2020_September.pdf
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
https://go.crowdstrike.com/rs/281-OBQ-266/images/ReportCSIT-20081e.pdf
https://ics-cert.kaspersky.com/media/KASPERSKY_H1_2020_ICS_REPORT_EN.pdf
https://id-ransomware.blogspot.com/2019/09/koko-ransomware.html
https://ke-la.com/how-ransomware-gangs-find-new-monetization-schemes-and-evolve-in-marketing/
https://ke-la.com/to-attack-or-not-to-attack-targeting-the-healthcare-sector-in-the-underground-ecosystem/
https://krebsonsecurity.com/2021/01/arrest-seizures-tied-to-netwalker-ransomware
https://lopqto.me/posts/automated-dynamic-import-resolving
https://news.sophos.com/en-us/2020/05/27/netwalker-ransomware-tools-give-insight-into-threat-actor/
https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/
https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/
https://s3.documentcloud.org/documents/21199896/vachon-desjardins-court-docs.pdf
https://seguranca-informatica.pt/netwalker-ransomware-full-analysis/
https://sites.temple.edu/care/ci-rw-attacks/
https://tccontre.blogspot.com/2020/05/netwalker-ransomware-api-call.html
https://thedfirreport.com/2020/08/31/netwalker-ransomware-in-1-hour/
https://therecord.media/darkside-gang-estimated-to-have-made-over-90-million-from-ransomware-attacks/
https://therecord.media/ransomwhere-project-wants-to-create-a-database-of-past-ransomware-payments/
https://www.advanced-intel.com/post/netwalker-ransomware-group-enters-advanced-targeting-game
https://www.bleepingcomputer.com/news/security/darkside-ransomware-made-90-million-in-just-nine-months/
https://www.bleepingcomputer.com/news/security/enel-group-hit-by-ransomware-again-netwalker-demands-14-million/
https://www.bleepingcomputer.com/news/security/mailto-netwalker-ransomware-targets-enterprise-networks/
https://www.bleepingcomputer.com/news/security/michigan-state-university-network-breached-in-ransomware-attack/
https://www.bleepingcomputer.com/news/security/netwalker-ransomware-affiliate-sentenced-to-80-months-in-prison/
https://www.bleepingcomputer.com/news/security/netwalker-ransomware-infecting-users-via-coronavirus-phishing/
https://www.coveware.com/blog/ransomware-attack-vectors-shift-as-new-software-vulnerability-exploits-abound
https://www.crowdstrike.com/blog/analysis-of-ecrime-menu-style-toolkits/
https://www.crowdstrike.com/blog/big-game-hunting-on-the-rise-again-according-to-ecrime-index/
https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/
https://www.deepinstinct.com/2021/05/26/deep-dive-packing-software-cryptone/
https://www.hornetsecurity.com/en/security-informationen-en/leakware-ransomware-hybrid-attacks/
https://www.ic3.gov/media/news/2020/200929-2.pdf
https://www.incibe-cert.es/blog/ransomware-netwalker-analisis-y-medidas-preventivas
https://www.justice.gov/opa/pr/department-justice-launches-global-action-against-netwalker-ransomware
https://www.justice.gov/usao-mdfl/press-release/file/1360846/download
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/take-a-netwalk-on-the-wild-side/
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/
https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-ransomware-threat-report-2021.pdf
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/paas-or-how-hackers-evade-antivirus-software/
https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf
https://www.pwc.co.uk/issues/cyber-security-services/insights/what-is-behind-ransomware-attacks-increase.html
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/conti-leaks-examining-the-panama-papers-of-ransomware.html
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/an-in-depth-look-at-mailto-ransomware-part-one-of-three/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/an-in-depth-look-at-mailto-ransomware-part-three-of-three/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/an-in-depth-look-at-mailto-ransomware-part-two-of-three/
https://www.ucsf.edu/news/2020/06/417911/update-it-security-incident-ucsf
https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf
https://www.youtube.com/watch?v=q8of74upT_g
https://www.zeit.de/digital/2021-06/cybercrime-extortion-internet-spyware-ransomware-police-prosecution-hackers
https://zengo.com/bitcoin-ransomware-detective-ucsf/
https://zero2auto.com/2020/05/19/netwalker-re/
Urls
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
File servers
Chat servers