Remote Access Trojan
NetWire
First seen: 2012-01 • Status: disrupted
Disrupted by Law Enforcement
NetWire was a remote access tool used by criminals for over a decade. The FBI shut it down in 2023, but variants may still be circulating.
Overview
NetWire was a commercial RAT that was marketed as legitimate software but widely used by cybercriminals. The FBI seized its infrastructure in 2023.
Also Known As
NetWire RAT, NetWireRC
How It Spreads
- • Phishing emails
- • Malicious attachments
- • Exploit kits
What It Does
- • Remote access
- • Keylogging
- • Credential theft
- • File theft
Is your business exposed?
Target Platforms
Windows, macOS, Linux
Detection Tips
- • Monitor for known NetWire signatures
- • Watch for suspicious remote connections
MITRE ATT&CK Techniques
T1056, T1005, T1021
If You're Infected
- 1.
Remove malware with antivirus
- 2.
Change all credentials
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required