Rewterz Threat Alert – Nanocore RAT – IOCs

June 2, 2020

Severity

Medium

Analysis Summary

NanoCore is high-risk trojan, a remote access tool (RAT). In most cases, this malware is proliferated using spam email campaigns. Criminals send thousands of deceptive emails that contain malicious attachments. Once opened, these files immediately infect computers with viruses such as NanoCore. The presence of this malware can cause serious issues, since the malware distributor gains remote access to the infected system.

Impact

Credential theft
Exposure of sensitive information

Indicators of Compromise

URL

http[:]//otanityre[.]in/j5/mimmmm[.]exe
http[:]//192[.]3[.]31[.]213/tasksmgr[.]exe
http[:]//mobdvservice[.]ru/wp-content/plugins/Confirmation[.]exe
http[:]//mobdvservice[.]ru/wp-content/plugins/Fedex-Express-Reference[.]exe
http[:]//staff[.]www[.]ltu[.]se/~adosot/wp-inv[.]exe

Remediation

Block all threat indicators at your respective controls.
Always be suspicious about emails sent by unknown senders.
Never click on the links/attachments sent by unknown senders.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

GitHub Tools Deployed in CrazyHunter Ransomware Campaigns – Active IOCs

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Ursnif Banking Trojan – IOCs

Nanocore RAT Malware Analysis

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.