NetWire RC

Also known as: NetWeird, NetWire, Recam

NetWire is a RAT whose functionality seems focused on password stealing and keylogging, but it includes remote control capabilities as well.

Keylog files are stored on the infected machine in an obfuscated form. The algorithm is:

    for i in range(0, num_read):
        buffer[i] = ((buffer[i] - 0x24) ^ 0x9D) & 0xFF
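For forensic triage, the per-byte transform above can be applied to whole files with a lookup table. This is an added example, not code from the original page or from any NetWire tooling; it assumes the transform shown is the decoding direction, and the helper names, the inverse used to build the constructed sample, and the printable-text heuristic are all assumptions.

```python
# Added example: the constants come from the page; helper names are hypothetical.
SUB, XOR = 0x24, 0x9D

# 256-entry lookup tables so a whole file is translated in one pass.
DECODE_TABLE = bytes(((b - SUB) ^ XOR) & 0xFF for b in range(256))
# Inverse of the page's transform, used here only to build test data.
ENCODE_TABLE = bytes(((b ^ XOR) + SUB) & 0xFF for b in range(256))


def decode_keylog(data: bytes) -> bytes:
    """Apply the page's per-byte transform to an obfuscated buffer."""
    return data.translate(DECODE_TABLE)


def encode_keylog(data: bytes) -> bytes:
    """Inverse transform; only for constructing sample input."""
    return data.translate(ENCODE_TABLE)


def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII or tab/CR/LF."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D))
    return ok / len(data)


def looks_like_keylog(data: bytes, threshold: float = 0.9) -> bool:
    """Heuristic (assumption): decoded bytes are mostly text, raw bytes are not."""
    return printable_ratio(decode_keylog(data)) >= threshold > printable_ratio(data)


if __name__ == "__main__":
    # Constructed sample, not a real capture.
    sample = encode_keylog(b"[Notepad]\r\nhello world\r\n")
    print(decode_keylog(sample).decode("ascii"))
    print(looks_like_keylog(sample))
```

The heuristic only ranks candidate files for review; a real log may contain non-text records that lower the ratio.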

Linked Threat Actors

APT33

C2 Infrastructure

Hosting/VPS 59%
sinkhole 33%
ISP/Residential 9%

Last 7 days

May 30, 2026
C2 Hosts: 4
May 27, 2026
C2 Hosts: 8
May 24, 2026
C2 Hosts: 276

Further Reading

A year of Fajan evolution and Bloomberg themed campaigns

By Vanja Svajcer. News summary * Some malware campaigns are designed to spread malware to as many people as possible — while some others carefully choose their targets. Cisco Talos recently di...

blog.talosintelligence.com

Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.

Although heavily focused on the Middle East, Elfin (aka APT33) has also targeted a range of organizations in the U.S. including a number of major corporations.

symantec-blogs.broadcom.com

ModifiedElephant APT and a Decade of Fabricating Evidence

A previously unreported threat actor has been targeting civil society for over a decade. Read about how it operates and its relationships to other threats.

sentinelone.com

FBI and international cops catch a NetWire RAT

Malware-seekers were diverted to the Feds, severing a Croatian connection

theregister.com

Analysis of top non-HTTP/S threats | Zscaler Blog

In this article, Zscaler security research team dissect the custom protocols used in some of the most prevalent RATs seen in recent campaigns. Read more.

zscaler.com

HydroJiin Malware Campaign | ThreatLabZ | Zscaler Blog

A threat actor dubbed "HydroJiin" has escalated from selling malware online to waging attacks. This campaign leverages a number of interesting techniques.

zscaler.com

The Italian Cyber Security Hub

Let's build a secure digital world, together. Security, Resilience, Innovation. Tinexta Cyber is one of the leading Italian companies in the field of cybersecurity and system integration, part of the G...

yoroi.company