
Threat Group Cards: A Threat Actor Encyclopedia

Tool: NetWire RC

Names: NetWire RC, NetWire RAT, NetWired RC, NetWire, Recam
Category: Malware
Type: POS malware, Backdoor, Keylogger, Credential stealer
Description: NetWire is a RAT. Its functionality seems focused on password stealing and keylogging, but it includes remote control capabilities as well.

Keylog files are stored on the infected machine in an obfuscated form. The algorithm is:

# buffer holds the num_read bytes read from the keylog file
for i in range(0, num_read):
    buffer[i] = ((buffer[i] - 0x24) ^ 0x9D) & 0xFF
Information:
<http://researchcenter.paloaltonetworks.com/2014/08/new-release-decrypting-netwire-c2-traffic/>
<https://www.circl.lu/pub/tr-23/>
<https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html>
<http://blog.talosintelligence.com/2017/12/recam-redux-deconfusing-confuserex.html>
<https://www.secureworks.com/blog/netwire-rat-steals-payment-card-data>
<https://maskop9.wordpress.com/2019/01/30/analysis-of-netwiredrc-trojan/>
<https://yoroi.company/research/new-cyber-operation-targets-italy-digging-into-the-netwire-attack-chain/>
MITRE ATT&CK: <https://attack.mitre.org/software/S0198/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.netwire>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Netwire>

Last change to this tool card: 09 June 2020


All groups using tool NetWire RC

APT groups

| Name | Country | Observed |
|---|---|---|
| APT 33, Elfin, Magnallium | Iran | 2013-Nov 2019 |
| Gorgon Group | Pakistan | 2017-Jul 2020 |
| PassCV | China | 2016 |
| RATicate | [Unknown] | 2019 |

4 groups listed (4 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
