Nanocore Rat

Malware Profile Updated 3 months ago

Download STIX

Preview STIX

NanoCore RAT is a malicious software (malware) that is designed to exploit and harm computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once it has infected a system, NanoCore RAT can steal personal information, disrupt operations, or even hold data hostage for ransom. The final payload of this malware attack is a dropper Trojan that installs the NanoCore RAT onto the victim's device. Once installed, the Remote Access Trojan (RAT) maintains a connection with the attackers' command-and-control (C2) server. During the attack, various plug-ins are dropped into the system, including the Remcos RAT, XWorm, NanoCore RAT, and a stealer designed specifically for crypto wallets. These plug-ins are designed to further exploit the compromised system and provide the attacker with additional control and access. Among these plugins, three RATs stand out due to their varied and nefarious purposes. The Remcos RAT allows attackers to gain complete control over the system, enabling them to capture keystrokes, screenshots, credentials, and other sensitive information. The NanoCore RAT provides remote access and control over the victim's computer. Lastly, Xworm can either load ransomware onto the system or act as a persistent backdoor, ensuring continued unauthorized access to the infected device.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
NanoCore	1	NanoCore is a notorious Remote Access Trojan (RAT) first discovered in 2013. It targets Windows operating system users and operates by opening a backdoor on an infected computer to steal information. NanoCore has maintained a top five position for six consecutive months, taking the third spot in Dec

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Rat

Backdoor

Remcos

Ransomware

Payload

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Xworm	Unspecified	1	XWorm is a multi-functional malware that provides threat actors with remote access capabilities, has the potential to spread across networks, exfiltrate sensitive data, and download additional payloads. It was observed exploiting ScreenConnect vulnerabilities, a client software used for remote syste

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Source Document References

Information about the Nanocore Rat Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
MITRE	a year ago	The Gorgon Group: Slithering Between Nation State and Cybercrime
DARKReading	4 months ago	Cagey Phishing Attack Drops Multiple RATs to Steal Data