Source: 15.2.host process.exe.5270000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 15.0.host process.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 15.0.host process.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 15.2.host process.exe.5624629.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 13.0.Order Sheet.exe.4031bf.13.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 13.0.Order Sheet.exe.4031bf.13.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 13.0.Order Sheet.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 13.0.Order Sheet.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 13.0.Order Sheet.exe.400000.8.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 17.2.dhcpmon.exe.2e33dc4.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 13.0.Order Sheet.exe.400000.8.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 13.2.Order Sheet.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 13.2.Order Sheet.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 17.2.dhcpmon.exe.3e5e424.3.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 17.2.dhcpmon.exe.3e595ee.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 17.2.dhcpmon.exe.3e595ee.4.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 13.0.Order Sheet.exe.4031bf.9.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 13.0.Order Sheet.exe.4031bf.9.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 15.2.host process.exe.3e9e424.4.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 17.2.dhcpmon.exe.3e62a4d.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 17.0.dhcpmon.exe.6f0000.0.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 17.0.dhcpmon.exe.6f0000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 13.2.Order Sheet.exe.4031bf.2.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 13.2.Order Sheet.exe.4031bf.2.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.Order Sheet.exe.43a39cf.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.Order Sheet.exe.43a39cf.5.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 17.2.dhcpmon.exe.6f0000.0.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 17.2.dhcpmon.exe.6f0000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 13.0.Order Sheet.exe.4031bf.13.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 13.0.Order Sheet.exe.4031bf.13.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 17.2.dhcpmon.exe.3e5e424.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.Order Sheet.exe.3d59930.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.Order Sheet.exe.3d59930.4.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 15.0.host process.exe.700000.2.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 15.0.host process.exe.700000.2.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 15.2.host process.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 15.2.host process.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 13.0.Order Sheet.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 13.0.Order Sheet.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 15.0.host process.exe.700000.1.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 15.0.host process.exe.700000.1.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 15.2.host process.exe.3ea2a4d.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.Order Sheet.exe.3d8e541.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.Order Sheet.exe.3d8e541.3.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.Order Sheet.exe.3d5baef.2.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.Order Sheet.exe.3d5baef.2.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.Order Sheet.exe.43a1810.7.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.Order Sheet.exe.43a1810.7.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 13.2.Order Sheet.exe.4031bf.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 13.2.Order Sheet.exe.4031bf.2.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 15.2.host process.exe.3e995ee.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 15.2.host process.exe.3e995ee.2.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.Order Sheet.exe.43a1810.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.Order Sheet.exe.43a1810.7.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 15.2.host process.exe.5620000.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 13.0.Order Sheet.exe.4031bf.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 13.0.Order Sheet.exe.4031bf.9.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 13.0.Order Sheet.exe.400000.12.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 13.0.Order Sheet.exe.400000.12.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.Order Sheet.exe.3d59930.4.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.Order Sheet.exe.3d59930.4.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 15.2.host process.exe.3e9e424.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.Order Sheet.exe.43a39cf.5.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.Order Sheet.exe.43a39cf.5.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 15.2.host process.exe.2e6179c.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 15.2.host process.exe.5620000.7.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 15.0.host process.exe.700000.3.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 15.0.host process.exe.700000.3.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.Order Sheet.exe.3d5baef.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.Order Sheet.exe.3d5baef.2.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.Order Sheet.exe.4049fa0.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.Order Sheet.exe.4049fa0.6.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0000000F.00000000.785845413.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0000000F.00000000.785845413.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0000000D.00000000.778355649.0000000000403000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0000000D.00000000.778355649.0000000000403000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000011.00000000.819202402.00000000006F2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000011.00000000.819202402.00000000006F2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0000000D.00000000.777156532.0000000000403000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0000000D.00000000.777156532.0000000000403000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000011.00000002.839950628.0000000003E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000011.00000002.839877068.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0000000F.00000000.786290846.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0000000F.00000000.786290846.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0000000D.00000002.794132877.0000000000403000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0000000D.00000002.794132877.0000000000403000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0000000F.00000000.785282794.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0000000F.00000000.785282794.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0000000F.00000002.941244676.0000000003E89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0000000F.00000002.942025681.0000000005620000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0000000F.00000002.934558154.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0000000F.00000002.934558154.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000011.00000002.839063926.00000000006F2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000011.00000002.839063926.00000000006F2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0000000F.00000002.941790490.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0000000F.00000000.786907867.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0000000F.00000000.786907867.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000002.785591112.0000000003D59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.785591112.0000000003D59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000002.786336359.0000000003F23000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.786336359.0000000003F23000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: Order Sheet.exe PID: 5588, type: MEMORYSTR |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: Order Sheet.exe PID: 5588, type: MEMORYSTR |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: Order Sheet.exe PID: 6200, type: MEMORYSTR |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: Order Sheet.exe PID: 6200, type: MEMORYSTR |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: host process.exe PID: 6076, type: MEMORYSTR |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: host process.exe PID: 6076, type: MEMORYSTR |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: dhcpmon.exe PID: 2280, type: MEMORYSTR |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: dhcpmon.exe PID: 2280, type: MEMORYSTR |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: C:\Users\user\AppData\Local\Temp\host process.exe, type: DROPPED |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: C:\Users\user\AppData\Local\Temp\host process.exe, type: DROPPED |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 15.2.host process.exe.5270000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.2.host process.exe.5270000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 15.0.host process.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.0.host process.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 15.0.host process.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 15.2.host process.exe.5624629.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.2.host process.exe.5624629.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 13.0.Order Sheet.exe.4031bf.13.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 13.0.Order Sheet.exe.4031bf.13.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 13.0.Order Sheet.exe.4031bf.13.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 13.0.Order Sheet.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 13.0.Order Sheet.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 13.0.Order Sheet.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 13.0.Order Sheet.exe.400000.8.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 13.0.Order Sheet.exe.400000.8.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 17.2.dhcpmon.exe.2e33dc4.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 17.2.dhcpmon.exe.2e33dc4.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 13.0.Order Sheet.exe.400000.8.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 13.2.Order Sheet.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 13.2.Order Sheet.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 13.2.Order Sheet.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 17.2.dhcpmon.exe.3e5e424.3.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 17.2.dhcpmon.exe.3e5e424.3.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 17.2.dhcpmon.exe.3e595ee.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 17.2.dhcpmon.exe.3e595ee.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 17.2.dhcpmon.exe.3e595ee.4.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 13.0.Order Sheet.exe.4031bf.9.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 13.0.Order Sheet.exe.4031bf.9.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 13.0.Order Sheet.exe.4031bf.9.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 15.2.host process.exe.3e9e424.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.2.host process.exe.3e9e424.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 17.2.dhcpmon.exe.3e62a4d.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 17.2.dhcpmon.exe.3e62a4d.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 17.0.dhcpmon.exe.6f0000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 17.0.dhcpmon.exe.6f0000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 17.0.dhcpmon.exe.6f0000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 13.2.Order Sheet.exe.4031bf.2.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 13.2.Order Sheet.exe.4031bf.2.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 13.2.Order Sheet.exe.4031bf.2.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.Order Sheet.exe.43a39cf.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.Order Sheet.exe.43a39cf.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.Order Sheet.exe.43a39cf.5.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 17.2.dhcpmon.exe.6f0000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 17.2.dhcpmon.exe.6f0000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 17.2.dhcpmon.exe.6f0000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 13.0.Order Sheet.exe.4031bf.13.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 13.0.Order Sheet.exe.4031bf.13.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 13.0.Order Sheet.exe.4031bf.13.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 17.2.dhcpmon.exe.3e5e424.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 17.2.dhcpmon.exe.3e5e424.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.Order Sheet.exe.3d59930.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.Order Sheet.exe.3d59930.4.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 15.0.host process.exe.700000.2.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.0.host process.exe.700000.2.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 15.0.host process.exe.700000.2.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 15.2.host process.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.2.host process.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 15.2.host process.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 13.0.Order Sheet.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 13.0.Order Sheet.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 13.0.Order Sheet.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 15.0.host process.exe.700000.1.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.0.host process.exe.700000.1.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 15.0.host process.exe.700000.1.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 15.2.host process.exe.3ea2a4d.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.2.host process.exe.3ea2a4d.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.Order Sheet.exe.3d8e541.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.Order Sheet.exe.3d8e541.3.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.Order Sheet.exe.3d5baef.2.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.Order Sheet.exe.3d5baef.2.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.Order Sheet.exe.3d5baef.2.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.Order Sheet.exe.43a1810.7.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.Order Sheet.exe.43a1810.7.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.Order Sheet.exe.43a1810.7.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 13.2.Order Sheet.exe.4031bf.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 13.2.Order Sheet.exe.4031bf.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 13.2.Order Sheet.exe.4031bf.2.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 15.2.host process.exe.3e995ee.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.2.host process.exe.3e995ee.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 15.2.host process.exe.3e995ee.2.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.Order Sheet.exe.43a1810.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.Order Sheet.exe.43a1810.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.Order Sheet.exe.43a1810.7.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 15.2.host process.exe.5620000.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.2.host process.exe.5620000.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 13.0.Order Sheet.exe.4031bf.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 13.0.Order Sheet.exe.4031bf.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 13.0.Order Sheet.exe.4031bf.9.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 13.0.Order Sheet.exe.400000.12.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 13.0.Order Sheet.exe.400000.12.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 13.0.Order Sheet.exe.400000.12.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.Order Sheet.exe.3d59930.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.Order Sheet.exe.3d59930.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.Order Sheet.exe.3d59930.4.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 15.2.host process.exe.3e9e424.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.2.host process.exe.3e9e424.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.Order Sheet.exe.43a39cf.5.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.Order Sheet.exe.43a39cf.5.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.Order Sheet.exe.43a39cf.5.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 15.2.host process.exe.2e6179c.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.2.host process.exe.2e6179c.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 15.2.host process.exe.5620000.7.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.2.host process.exe.5620000.7.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 15.0.host process.exe.700000.3.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 15.0.host process.exe.700000.3.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 15.0.host process.exe.700000.3.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.Order Sheet.exe.3d5baef.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.Order Sheet.exe.3d5baef.2.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.Order Sheet.exe.4049fa0.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.Order Sheet.exe.4049fa0.6.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0000000F.00000000.785845413.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0000000F.00000000.785845413.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0000000D.00000000.778355649.0000000000403000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0000000D.00000000.778355649.0000000000403000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000011.00000000.819202402.00000000006F2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000011.00000000.819202402.00000000006F2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0000000D.00000000.777156532.0000000000403000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0000000D.00000000.777156532.0000000000403000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000011.00000002.839950628.0000000003E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000011.00000002.839877068.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0000000F.00000000.786290846.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0000000F.00000000.786290846.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0000000D.00000002.794132877.0000000000403000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0000000D.00000002.794132877.0000000000403000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0000000F.00000000.785282794.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0000000F.00000000.785282794.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0000000F.00000002.941244676.0000000003E89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0000000F.00000002.942025681.0000000005620000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0000000F.00000002.942025681.0000000005620000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0000000F.00000002.934558154.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0000000F.00000002.934558154.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000011.00000002.839063926.00000000006F2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000011.00000002.839063926.00000000006F2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0000000F.00000002.941790490.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0000000F.00000002.941790490.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0000000F.00000000.786907867.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0000000F.00000000.786907867.0000000000702000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000002.785591112.0000000003D59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.785591112.0000000003D59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000002.786336359.0000000003F23000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.786336359.0000000003F23000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: Order Sheet.exe PID: 5588, type: MEMORYSTR |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: Order Sheet.exe PID: 5588, type: MEMORYSTR |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: Order Sheet.exe PID: 6200, type: MEMORYSTR |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: Order Sheet.exe PID: 6200, type: MEMORYSTR |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: host process.exe PID: 6076, type: MEMORYSTR |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: host process.exe PID: 6076, type: MEMORYSTR |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: dhcpmon.exe PID: 2280, type: MEMORYSTR |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: dhcpmon.exe PID: 2280, type: MEMORYSTR |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\AppData\Local\Temp\host process.exe, type: DROPPED |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: C:\Users\user\AppData\Local\Temp\host process.exe, type: DROPPED |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: C:\Users\user\AppData\Local\Temp\host process.exe, type: DROPPED |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |