S0198 - Netwire

Threat Intelligence Feed

Feed ID: zPI4t4gBYAdeK0KLPyvT

NETWIRE is a publicly available, multiplatform remote administration tool (RAT) that has been used by criminal and APT groups since at least 2012.


Select the way you want to use this feed:


Download Feed

Download this Threat Intelligence feed directly or through code:

  • Several different formats (Simple IoC lists or full context JSON)
  • Code snippets available on how to download it in different programming languages.


  • Integrate Feed

    Automate your Security Operations by integrating this feed data real time into your Security Stack:

  • Onboard Maltiverse Feeds on security devices (SIEM, SOAR, Firewalls, etc)
  • Create your own feed and deploy new IoCs insantly across you security devices.


  • Feed composition

    Feed composition by type

    IP Address Hostname URL Sample Total

    Feed ingestion over time (now-1y)

    Feed composition by type

    results found for: “blacklist.external_references.external_id:"S0198" AND classification:malicious”