Delaware, USA – August 22, 2019 – A fresh version of NanoCore RAT has emerged on an underground forum even though its author has been sentenced to 33 months' imprisonment. LMNTRIX Labs discovered a relatively new, modified version of the trojan that is available to any user of the forum. NanoCore has been used by cybercriminals since 2013. It was initially sold for a fairly modest $25, but the Trojan was periodically cracked and shared. Usually, shortly after a cracked version is shared, researchers record a surge of attacks using it.
The malware has a wide range of capabilities for espionage and remote control of the system and, more importantly, an "attacker-friendly" interface that allows even beginners to carry out full-fledged campaigns. NanoCore RAT provides full access to the infected system and also allows attackers to record audio and video, perform keylogging, and collect credentials and other personal information.
The Trojan usually spreads via phishing emails with malicious attachments or links. In a recent campaign, adversaries delivered NanoCore RAT hidden in ISO images to avoid deep scanning by security solutions. To prepare proactively for the wave of attacks using this malware, it is recommended to install updates on Windows systems and Office programs, and to arm your security platforms with rules that detect this threat.
Content available on Threat Detection Marketplace:
Nanocore Malware Detector (Sysmon Behavior Analysis) – https://tdm.socprime.com/tdm/info/2255/
NanoCore RAT (Sysmon) – https://tdm.socprime.com/tdm/info/1353/
You can also explore the techniques this malware uses in the MITRE ATT&CK section: https://tdm.socprime.com/att-ck/