NetTraveler is malware that has been used in multiple cyber espionage campaigns for basic surveillance of victims. The earliest known samples have timestamps back to 2005, and the largest number of observed samples were created between 2010 and 2013. [1]

ID: S0033
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020

Techniques Used

Domain ID Name Use
Enterprise T1010 Application Window Discovery

NetTraveler reports window names along with keylogger information to provide application context.[1]

Enterprise T1056 .001 Input Capture: Keylogging

NetTraveler contains a keylogger.[1]

Groups That Use This Software

ID Name References
G0062 TA459