Source: 7.2.MSBuild.exe.31e3c74.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 7.2.MSBuild.exe.31e3c74.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 7.2.MSBuild.exe.31e3c74.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 6.3.znytpstdcrwsisx.exe.16ec7f8.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 6.3.znytpstdcrwsisx.exe.16ec7f8.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 6.3.znytpstdcrwsisx.exe.16ec7f8.2.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 6.3.znytpstdcrwsisx.exe.16ec7f8.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 1.2.MSBuild.exe.5640000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 1.2.MSBuild.exe.5640000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 1.2.MSBuild.exe.5640000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 1.2.MSBuild.exe.59f0000.4.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 1.2.MSBuild.exe.59f0000.4.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 1.2.MSBuild.exe.59f0000.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.145bb50.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.145bb50.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.145bb50.3.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.145bb50.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 7.2.MSBuild.exe.4209c8e.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 7.2.MSBuild.exe.4209c8e.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 7.2.MSBuild.exe.4209c8e.4.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 7.2.MSBuild.exe.4209c8e.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 7.2.MSBuild.exe.420eac4.3.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 7.2.MSBuild.exe.420eac4.3.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 7.2.MSBuild.exe.420eac4.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 1.2.MSBuild.exe.59f0000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 1.2.MSBuild.exe.59f0000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 1.2.MSBuild.exe.59f0000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.0.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 7.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 7.2.MSBuild.exe.42130ed.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 7.2.MSBuild.exe.42130ed.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 7.2.MSBuild.exe.42130ed.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 7.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 7.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 7.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.1.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.147e008.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.147e008.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.147e008.6.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.147e008.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 1.2.MSBuild.exe.59f4629.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 1.2.MSBuild.exe.59f4629.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 1.2.MSBuild.exe.59f4629.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 7.2.MSBuild.exe.420eac4.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 7.2.MSBuild.exe.420eac4.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 7.2.MSBuild.exe.420eac4.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 1.2.MSBuild.exe.2dd16f8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 1.2.MSBuild.exe.2dd16f8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 1.2.MSBuild.exe.2dd16f8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.14183d8.0.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.14183d8.0.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.14183d8.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.14183d8.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.13db7e0.1.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.13db7e0.1.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.13db7e0.1.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.13db7e0.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.11c1e50.2.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.11c1e50.2.unpack, type: UNPACKEDPE |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.11c1e50.2.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.11c1e50.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.407208526.000000000175C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.407208526.000000000175C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.407208526.000000000175C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.409346361.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.409346361.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.409346361.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.383770715.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.383770715.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.383770715.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.384143061.0000000001195000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.384143061.0000000001195000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.384143061.0000000001195000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.382325169.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.382325169.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.382325169.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.383002021.00000000014E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.383002021.00000000014E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.383002021.00000000014E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.382620539.0000000001428000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.382620539.0000000001428000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.382620539.0000000001428000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.382379627.0000000001429000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.382379627.0000000001429000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.382379627.0000000001429000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.383032344.0000000004FF1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.383032344.0000000004FF1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.383032344.0000000004FF1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.407143398.000000000178F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.407143398.000000000178F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.407143398.000000000178F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.407063143.0000000004541000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.407063143.0000000004541000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.407063143.0000000004541000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.382518683.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.382518683.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.382518683.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000007.00000002.421398026.00000000031C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000007.00000002.421398026.00000000031C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000007.00000002.420789152.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000007.00000002.420789152.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000007.00000002.420789152.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.405134959.00000000016ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.405134959.00000000016ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.405134959.00000000016ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.409265675.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.409265675.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.409265675.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.407268539.0000000001729000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.407268539.0000000001729000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.407268539.0000000001729000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000001.00000002.630789913.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.387268383.0000000001196000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.387268383.0000000001196000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.387268383.0000000001196000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000001.00000002.634788699.00000000059F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000001.00000002.634788699.00000000059F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 00000001.00000002.634788699.00000000059F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.383592412.0000000001419000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.383592412.0000000001419000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.383592412.0000000001419000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.405268351.000000000172A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.405268351.000000000172A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.405268351.000000000172A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000001.00000002.634649068.0000000005640000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000001.00000002.634649068.0000000005640000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects NanoCore Author: ditekSHen |
Source: 00000001.00000002.634649068.0000000005640000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.405858359.00000000016BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.405858359.00000000016BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.405858359.00000000016BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.382557238.00000000013C2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.382557238.00000000013C2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.382557238.00000000013C2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.383733827.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.383733827.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.383733827.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.405433292.00000000016EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.405433292.00000000016EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.405433292.00000000016EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.409440308.0000000001457000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.409440308.0000000001457000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.409440308.0000000001457000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.409174074.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.409174074.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.409174074.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.406996996.0000000001687000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.406996996.0000000001687000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.406996996.0000000001687000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.405084980.0000000001457000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.405084980.0000000001457000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.405084980.0000000001457000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.409044743.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.409044743.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.409044743.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.382477117.000000000145C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.382477117.000000000145C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.382477117.000000000145C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000006.00000003.405355044.0000000001687000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000006.00000003.405355044.0000000001687000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000006.00000003.405355044.0000000001687000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000000.00000003.383509738.000000000144C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: 00000000.00000003.383509738.000000000144C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.383509738.000000000144C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 00000007.00000002.421501770.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000007.00000002.421501770.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: Process Memory Space: Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe PID: 7044, type: MEMORYSTR |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: Process Memory Space: Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe PID: 7044, type: MEMORYSTR |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe PID: 7044, type: MEMORYSTR |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: Process Memory Space: MSBuild.exe PID: 5980, type: MEMORYSTR |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: MSBuild.exe PID: 5980, type: MEMORYSTR |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: Process Memory Space: znytpstdcrwsisx.exe PID: 5292, type: MEMORYSTR |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: Process Memory Space: znytpstdcrwsisx.exe PID: 5292, type: MEMORYSTR |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: znytpstdcrwsisx.exe PID: 5292, type: MEMORYSTR |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: Process Memory Space: MSBuild.exe PID: 5944, type: MEMORYSTR |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems) |
Source: Process Memory Space: MSBuild.exe PID: 5944, type: MEMORYSTR |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: MSBuild.exe PID: 5944, type: MEMORYSTR |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown |
Source: 7.2.MSBuild.exe.31e3c74.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.MSBuild.exe.31e3c74.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.MSBuild.exe.31e3c74.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 7.2.MSBuild.exe.31e3c74.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 6.3.znytpstdcrwsisx.exe.16ec7f8.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.16ec7f8.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.16ec7f8.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.16ec7f8.2.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.16ec7f8.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 1.2.MSBuild.exe.5640000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.MSBuild.exe.5640000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.MSBuild.exe.5640000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 1.2.MSBuild.exe.5640000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 1.2.MSBuild.exe.59f0000.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.MSBuild.exe.59f0000.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.MSBuild.exe.59f0000.4.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 1.2.MSBuild.exe.59f0000.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.145bb50.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.145bb50.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.145bb50.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.145bb50.3.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.145bb50.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 7.2.MSBuild.exe.4209c8e.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.MSBuild.exe.4209c8e.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.MSBuild.exe.4209c8e.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 7.2.MSBuild.exe.4209c8e.4.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 7.2.MSBuild.exe.4209c8e.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 7.2.MSBuild.exe.420eac4.3.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.MSBuild.exe.420eac4.3.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.MSBuild.exe.420eac4.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 7.2.MSBuild.exe.420eac4.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 1.2.MSBuild.exe.59f0000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.MSBuild.exe.59f0000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.MSBuild.exe.59f0000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 1.2.MSBuild.exe.59f0000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.0.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 7.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.MSBuild.exe.42130ed.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.MSBuild.exe.42130ed.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.MSBuild.exe.42130ed.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 7.2.MSBuild.exe.42130ed.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 7.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 7.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 7.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.1.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.16ecf40.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1196210.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.1428f48.5.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.147e008.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.147e008.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.147e008.6.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.147e008.6.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.147e008.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 1.2.MSBuild.exe.59f4629.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.MSBuild.exe.59f4629.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.MSBuild.exe.59f4629.5.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 1.2.MSBuild.exe.59f4629.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 7.2.MSBuild.exe.420eac4.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.MSBuild.exe.420eac4.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.MSBuild.exe.420eac4.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 7.2.MSBuild.exe.420eac4.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.6.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 1.2.MSBuild.exe.2dd16f8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.MSBuild.exe.2dd16f8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.MSBuild.exe.2dd16f8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 1.2.MSBuild.exe.2dd16f8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 6.3.znytpstdcrwsisx.exe.14568c0.5.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.14183d8.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.14183d8.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.14183d8.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.14183d8.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.13db7e0.1.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.13db7e0.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.13db7e0.1.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.13db7e0.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.11c1e50.2.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.11c1e50.2.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.11c1e50.2.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe.11c1e50.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.407208526.000000000175C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.407208526.000000000175C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.407208526.000000000175C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.409346361.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.409346361.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.409346361.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.383770715.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.383770715.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.383770715.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.384143061.0000000001195000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.384143061.0000000001195000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.384143061.0000000001195000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.382325169.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.382325169.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.382325169.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.383002021.00000000014E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.383002021.00000000014E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.383002021.00000000014E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.382620539.0000000001428000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.382620539.0000000001428000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.382620539.0000000001428000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.382379627.0000000001429000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.382379627.0000000001429000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.382379627.0000000001429000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.383032344.0000000004FF1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.383032344.0000000004FF1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.383032344.0000000004FF1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.407143398.000000000178F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.407143398.000000000178F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.407143398.000000000178F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.407063143.0000000004541000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.407063143.0000000004541000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.407063143.0000000004541000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.382518683.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.382518683.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.382518683.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000007.00000002.421398026.00000000031C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000007.00000002.421398026.00000000031C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000007.00000002.420789152.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000007.00000002.420789152.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000007.00000002.420789152.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.405134959.00000000016ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.405134959.00000000016ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.405134959.00000000016ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.409265675.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.409265675.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.409265675.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.407268539.0000000001729000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.407268539.0000000001729000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.407268539.0000000001729000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000001.00000002.630789913.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.387268383.0000000001196000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.387268383.0000000001196000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.387268383.0000000001196000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000001.00000002.634788699.00000000059F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000002.634788699.00000000059F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000002.634788699.00000000059F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 00000001.00000002.634788699.00000000059F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.383592412.0000000001419000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.383592412.0000000001419000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.383592412.0000000001419000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.405268351.000000000172A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.405268351.000000000172A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.405268351.000000000172A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000001.00000002.634649068.0000000005640000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000002.634649068.0000000005640000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000002.634649068.0000000005640000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 00000001.00000002.634649068.0000000005640000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.405858359.00000000016BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.405858359.00000000016BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.405858359.00000000016BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.382557238.00000000013C2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.382557238.00000000013C2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.382557238.00000000013C2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.383733827.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.383733827.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.383733827.00000000013E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.405433292.00000000016EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.405433292.00000000016EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.405433292.00000000016EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.409440308.0000000001457000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.409440308.0000000001457000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.409440308.0000000001457000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.409174074.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.409174074.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.409174074.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.406996996.0000000001687000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.406996996.0000000001687000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.406996996.0000000001687000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.405084980.0000000001457000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.405084980.0000000001457000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.405084980.0000000001457000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.409044743.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.409044743.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.409044743.0000000001431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.382477117.000000000145C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.382477117.000000000145C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.382477117.000000000145C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000006.00000003.405355044.0000000001687000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000003.405355044.0000000001687000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000006.00000003.405355044.0000000001687000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000000.00000003.383509738.000000000144C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000003.383509738.000000000144C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.383509738.000000000144C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000007.00000002.421501770.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000007.00000002.421501770.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: Process Memory Space: Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe PID: 7044, type: MEMORYSTR |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: Process Memory Space: Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe PID: 7044, type: MEMORYSTR |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: Backdoor.MSIL.NanoBot.betf-d2a573edc893e24fbf.exe PID: 7044, type: MEMORYSTR |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: Process Memory Space: MSBuild.exe PID: 5980, type: MEMORYSTR |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: MSBuild.exe PID: 5980, type: MEMORYSTR |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: Process Memory Space: znytpstdcrwsisx.exe PID: 5292, type: MEMORYSTR |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: Process Memory Space: znytpstdcrwsisx.exe PID: 5292, type: MEMORYSTR |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: znytpstdcrwsisx.exe PID: 5292, type: MEMORYSTR |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: Process Memory Space: MSBuild.exe PID: 5944, type: MEMORYSTR |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: Process Memory Space: MSBuild.exe PID: 5944, type: MEMORYSTR |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: MSBuild.exe PID: 5944, type: MEMORYSTR |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\znytpstdcrwsisx.fr.url, type: DROPPED |
Matched rule: Methodology_Suspicious_Shortcut_Local_URL author = @itsreallynick (Nick Carr), @QW5kcmV3 (Andrew Thompson), description = Detects local script usage for .URL persistence, score = 27.09.2019, reference = https://twitter.com/cglyer/status/1176184798248919044 |