NanoCore hunter: tracking NanoCore servers and watching behavior of RAT operators for 180 days

Botconf 2020
2023-04-25 | 13:30 – 14:00

Takashi Matsumoto 🗣 | Yu Tsuda 🗣 | Nobuyuki Kanaya 🗣 | Masaki Kubo | Daisuke Inoue

NanoCore RAT, which first appeared in 2013, is still actively used in 2020 for its highly functional and user-friendly interace. Around Feburary to March in 2020, NanoCore RAT was used in the malspam campaign on COVID-19. We managed to sinkhole the NanoCore C&C domain and have monitored the liveliness of NanoCore C&C servers. We also experimented luring NanoCore operators into our mimetic enterprise network and succeeded in monitoring the actual behavior of live NanoCore operators.

Scroll to Top