NetWire RC
Also known as: NetWeird, NetWire, Recam
Netwire is a RAT, its functionality seems focused on password stealing and keylogging, but includes remote control capabilities as well.
Keylog files are stored on the infected machine in an obfuscated form. The algorithm is:
for i in range(0,num_read):
buffer[i] = ((buffer[i]-0x24)^0x9D)&0xFF
Linked Threat Actors
C2 Infrastructure
Last 7 days
| Date | C2 Hosts |
|---|---|
| Apr 14, 2026 | 3 |
| Apr 13, 2026 | 3 |
| Apr 12, 2026 | 3 |
| Apr 11, 2026 | 3 |
| Apr 10, 2026 | 3 |
| Apr 9, 2026 | 3 |
| Apr 8, 2026 | 3 |
Further Reading
A previously unreported threat actor has been targeting civil society for over a decade. Read about how it operates and its relationships to other threats.
Malware-seekers were diverted to the Feds, severing a Croatian connection
In this article, Zscaler security research team dissect the custom protocols used in some of the most prevalent RATs seen in recent campaigns. Read more.
A threat actor dubbed "HydroJiin" has escalated from selling malware online to waging attacks. This campaign leverages a number of interesting techniques.
Costruiamo un digitale sicuro, insieme. Sicurezza, Resilienza, Innovazione Tinexta Cyber è una delle principali realtà italiane nel campo della cybersecurity e della system integration, parte del G...