security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 45 Packages Projects Releases Wiki Activity
Files
34c5d66c22bbe41fe701cb6341d78ce324e6b24a
blue-team-tools/rules-emerging-threats/2021/Malware/Netwire/registry_add_malware_netwire.yml
T
Nasreddine Bencherchali 34c5d66c22 Merge PR #5966 from @nasbench - Update mitre tags to use attack v19 
chore: update mitre tags to use attack v19
2026-04-29 01:20:23 +02:00

30 lines
1.1 KiB
YAML
Raw Blame History

title: Potential NetWire RAT Activity - Registry
id: 1d218616-71b0-4c40-855b-9dbe75510f7f
status: test
description: Detects registry keys related to NetWire RAT
references:
- https://www.fortinet.com/blog/threat-research/new-netwire-rat-variant-spread-by-phishing
- https://resources.infosecinstitute.com/topic/netwire-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/
- https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/
- https://blogs.blackberry.com/en/2021/09/threat-thursday-netwire-rat-is-coming-down-the-line
- https://app.any.run/tasks/41ecdbde-4997-4301-a350-0270448b4c8f/
author: Christopher Peacock
date: 2021-10-07
modified: 2025-11-03
tags:
- attack.persistence
- attack.defense-impairment
- attack.t1112
- detection.emerging-threats
logsource:
product: windows
category: registry_add
detection:
selection:
# The configuration information is usually stored under HKCU:\Software\Netwire - RedCanary
TargetObject|contains: '\software\NetWire'
condition: selection
falsepositives:
- Unknown
level: high
Reference in New Issue View Git Blame Copy Permalink