Report

Home > List all groups > List all tools > List all groups using tool NetWire RC

Threat Group Cards: A Threat Actor Encyclopedia

Tool: NetWire RC

Names	NetWire RC NetWire RAT NetWired RC NetWire Recam
Category	Malware
Type	POS malware, Backdoor, Keylogger, Credential stealer
Description	Netwire is a RAT, its functionality seems focused on password stealing and keylogging, but includes remote control capabilities as well. Keylog files are stored on the infected machine in an obfuscated form. The algorithm is: for i in range(0,num_read): buffer[i] = ((buffer[i]-0x24)^0x9D)&0xFF
Information	<http://researchcenter.paloaltonetworks.com/2014/08/new-release-decrypting-netwire-c2-traffic/> <https://www.circl.lu/pub/tr-23/> <https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html> <http://blog.talosintelligence.com/2017/12/recam-redux-deconfusing-confuserex.html> <https://www.secureworks.com/blog/netwire-rat-steals-payment-card-data> <https://maskop9.wordpress.com/2019/01/30/analysis-of-netwiredrc-trojan/> <https://yoroi.company/research/new-cyber-operation-targets-italy-digging-into-the-netwire-attack-chain/>
MITRE ATT&CK	<https://attack.mitre.org/software/S0198/>
Malpedia	<https://malpedia.caad.fkie.fraunhofer.de/details/win.netwire>
AlienVault OTX	<https://otx.alienvault.com/browse/pulses?q=tag:Netwire>

Last change to this tool card: 09 June 2020

Download this tool card in JSON format

All groups using tool NetWire RC

Changed	Name	Country	Observed
APT groups
	APT 33, Elfin, Magnallium		2013-Nov 2019
	Gorgon Group		2017-Jul 2020
	PassCV		2016
	RATicate	[Unknown]	2019

4 groups listed (4 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT) Electronic Transactions Development Agency Follow us on	Report incidents
		+66 (0)2-123-1234
		report@thaicert.or.th
		Download PGP key