NetWire is a remote access Trojan focused on password stealing and keylogging, as well as including remote control capabilities. This threat has been used by malicious groups since 2012 and distributed through various social engineering campaigns (malspam). Recently, NetWire has been distributed as a second payload using Microsoft Word documents via GuLoader phishing waves. These days, NetWire is often launched via social engineering campaigns or as a later payload of another malware chain. Criminals send emails with malicious files attached to a wide number of users and expect at least someone to open the infected file. Once a victim clicks on it, the malware file is downloaded onto the victim’s computer. The shared files often used by crooks are PDF, Word, and IMG files.