
NETWIRE

NETWIRE is a publicly available, multiplatform remote administration tool (RAT) that has been used by criminal and APT groups since at least 2012. [1] [2] [3]

ID: S0198
Aliases: NETWIRE
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

| Name | Description |
|---|---|
| NETWIRE | [1] [3] [2] |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1116 | Code Signing | The NETWIRE client has been signed by fake and invalid digital certificates.[2] |
| Enterprise | T1056 | Input Capture | NETWIRE can perform keylogging.[2][3] |
| Enterprise | T1060 | Registry Run Keys / Startup Folder | NETWIRE creates a Registry start-up entry to establish persistence.[2] |
| Enterprise | T1113 | Screen Capture | NETWIRE can capture the victim's screen.[2] |
| Enterprise | T1082 | System Information Discovery | NETWIRE can discover and collect victim system information.[2] |

Groups

Groups that use this software:

APT33

References