NetTraveler

Malware Profile Updated 2 months ago
NetTraveler is a backdoor trojan used for cyber-espionage: it infects victim machines and steals data from them. It is typically delivered through malicious email attachments, untrusted downloads or compromised websites, without the user's knowledge. NetTraveler shares tactics, techniques and procedures (TTPs) and infrastructure with ZeroT; the two families have repeatedly used the same command-and-control (C&C) domains. One example indicator listed for this profile is SHA256 0d6d789d603d6d9ba68131592fd595c4d82c0288be309876d27a53466158b312, associated with NetTraveler samples observed from October 2016 to January 2017. In earlier years, a China-based attack group used the PlugX and NetTraveler trojans for espionage in Europe, Russia, Mongolia, Belarus and other neighbouring countries; that activity has been publicly documented.
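The infrastructure overlap described above (two families beaconing to the same C&C domains over overlapping periods) is the kind of link an analyst derives from sample telemetry. The following is an added example, not code from this profile or from any vendor it cites; the sample IDs, family labels, domains and dates are constructed placeholders, not real indicators. It groups sightings by C&C domain, reports domains used by more than one family, and computes whether two families used a domain at the same time or at disjoint times, which is a weaker link.

```python
"""Correlate malware samples by shared command-and-control (C&C) domain.

Added example: not code from the profile page or from any vendor it
cites. All observations below are constructed for illustration; the
domains and sample IDs are placeholders, not real indicators.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Observation:
    sample_id: str   # normally a SHA256; placeholder strings here
    family: str      # analyst-assigned family label
    c2_domain: str   # domain the sample beacons to
    seen: date       # sighting date for this sample/domain pair


# Constructed telemetry (hypothetical domains and sample IDs).
OBSERVATIONS = [
    Observation("nt-sample-01", "NetTraveler", "c2-a.example", date(2016, 10, 3)),
    Observation("nt-sample-02", "NetTraveler", "c2-a.example", date(2016, 12, 9)),
    Observation("nt-sample-03", "NetTraveler", "c2-a.example", date(2017, 1, 21)),
    Observation("nt-sample-04", "NetTraveler", "c2-b.example", date(2016, 11, 2)),
    Observation("zt-sample-01", "ZeroT", "c2-a.example", date(2016, 11, 15)),
    Observation("zt-sample-02", "ZeroT", "c2-c.example", date(2017, 1, 8)),
    Observation("px-sample-01", "PlugX", "c2-c.example", date(2017, 2, 1)),
]


def activity_by_domain(observations):
    """Map each C&C domain to {family: (first_seen, last_seen, sample_count)}."""
    buckets = defaultdict(lambda: defaultdict(list))
    for obs in observations:
        buckets[obs.c2_domain][obs.family].append(obs)
    summary = {}
    for domain, fams in buckets.items():
        summary[domain] = {
            fam: (min(o.seen for o in hits), max(o.seen for o in hits), len(hits))
            for fam, hits in fams.items()
        }
    return summary


def shared_infrastructure(observations):
    """Return only the domains used by more than one family, keyed by domain."""
    summary = activity_by_domain(observations)
    return {d: fams for d, fams in sorted(summary.items()) if len(fams) > 1}


def overlap_window(observations, domain, family_a, family_b):
    """Date range in which both families were seen on `domain`, or None.

    The window is the intersection of each family's [first, last] range.
    None means the families used the domain at disjoint times: still a
    link, but weaker than simultaneous use of the same C&C.
    """
    fams = activity_by_domain(observations).get(domain, {})
    if family_a not in fams or family_b not in fams:
        return None
    a_first, a_last, _ = fams[family_a]
    b_first, b_last, _ = fams[family_b]
    start, end = max(a_first, b_first), min(a_last, b_last)
    return (start, end) if start <= end else None


def families_linked_to(observations, family):
    """Families that share at least one C&C domain with `family`, sorted."""
    linked = set()
    for fams in shared_infrastructure(observations).values():
        if family in fams:
            linked.update(f for f in fams if f != family)
    return sorted(linked)


if __name__ == "__main__":
    for domain, fams in shared_infrastructure(OBSERVATIONS).items():
        print(domain)
        for fam, (first, last, n) in fams.items():
            print(f"  {fam}: {n} sample(s), {first} to {last}")
    print("NetTraveler/ZeroT overlap on c2-a.example:",
          overlap_window(OBSERVATIONS, "c2-a.example", "NetTraveler", "ZeroT"))
    print("ZeroT/PlugX overlap on c2-c.example:",
          overlap_window(OBSERVATIONS, "c2-c.example", "ZeroT", "PlugX"))
```

On the constructed data, NetTraveler and ZeroT share c2-a.example with a real overlap window, while ZeroT and PlugX touch c2-c.example only at disjoint times, so the second link would merit corroboration (shared TTPs, code overlap, common droppers) before being reported as shared infrastructure. A domain seen with a single family, such as c2-b.example here, is not reported at all.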
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
No overlapping profiles are listed.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Espionage
Malware
Associated Malware
ZeroT (type: Unspecified; votes: 1): ZeroT is a trojan first reported in 2016. It primarily infiltrated victims' machines through trojanised Word documents attached to emails. One notable instance involved the CHM file 20160621.chm, which dropped the
PlugX (type: Unspecified; votes: 1): PlugX is a well-known remote access trojan (RAT), typically associated with Chinese threat actors, that has been used in numerous intrusions. It infiltrates systems through malicious downloads, emails or websites and can steal information and disrupt operations. It
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the NetTraveler malware was read from the documents in the corpus below. This display is limited to 20 results.
Source: MITRE; created: a year ago; title: Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX | Proofpoint US