| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Actor(s): APT33, The Gorgon Group
Nanocore is a Remote Access Tool used to steal credentials and to spy on cameras. It as been used for a while by numerous criminal actors as well as by nation state threat actors.
| 2025-02-27
⋅
Medium b.magnezi
⋅
NanoCore Malware Analysis Nanocore RAT |
| 2024-09-03
⋅
Twitter (@embee_research)
⋅
Advanced Cyberchef Techniques - Defeating Nanocore Obfuscation With Math and Flow Control Nanocore RAT |
| 2024-05-14
⋅
Check Point Research
⋅
Foxit PDF “Flawed Design” Exploitation Rafel RAT Agent Tesla AsyncRAT DCRat DONOT Nanocore RAT NjRAT Pony Remcos Venom RAT XWorm |
| 2023-10-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2023 FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar |
| 2023-10-12
⋅
Cluster25
⋅
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations Agent Tesla Crimson RAT Nanocore RAT SmokeLoader |
| 2023-09-21
⋅
Medium shaddy43
⋅
Secrets of commercial RATs! NanoCore dissected Nanocore RAT |
| 2023-04-10
⋅
Check Point
⋅
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee |
| 2023-02-03
⋅
Cloudsek
⋅
Threat Actors Abuse AI-Generated Youtube Videos to Spread Stealer Malware Alfonso Stealer Bandit Stealer Cameleon Fabookie Lumma Stealer Nanocore RAT Panda Stealer RecordBreaker RedLine Stealer Stealc STOP Vidar zgRAT |
| 2023-01-09
⋅
YouTube (Embee Research)
⋅
Malware Analysis - VBS Decoding With Cyberchef (Nanocore Loader) Nanocore RAT |
| 2022-10-13
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
| 2022-08-30
⋅
Medium the_abjuri5t
⋅
NanoCore RAT Hunting Guide Nanocore RAT |
| 2022-08-17
⋅
Secureworks
⋅
DarkTortilla Malware Analysis Agent Tesla AsyncRAT Cobalt Strike DarkTortilla Nanocore RAT RedLine Stealer |
| 2022-08-17
⋅
⋅
360
⋅
Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East SpyNote Loda Nanocore RAT NjRAT |
| 2022-05-19
⋅
Blackberry
⋅
.NET Stubs: Sowing the Seeds of Discord (PureCrypter) Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate |
| 2022-05-12
⋅
Morphisec
⋅
New SYK Crypter Distributed Via Discord AsyncRAT Ave Maria Nanocore RAT NjRAT Quasar RAT RedLine Stealer |
| 2022-04-26
⋅
Trend Micro
⋅
How Cybercriminals Abuse Cloud Tunneling Services AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT |
| 2022-04-15
⋅
Center for Internet Security
⋅
Top 10 Malware March 2022 Mirai Shlayer Agent Tesla Ghost RAT Nanocore RAT SectopRAT solarmarker Zeus |
| 2022-03-27
⋅
Medium M3H51N
⋅
Malware Analysis — NanoCore Rat Nanocore RAT |
| 2022-03-01
⋅
VirusTotal
⋅
VirusTotal's 2021 Malware Trends Report Anubis AsyncRAT BlackMatter Cobalt Strike DanaBot Dridex Khonsari MimiKatz Mirai Nanocore RAT Orcus RAT |
| 2022-02-08
⋅
Intel 471
⋅
PrivateLoader: The first step in many malware schemes Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
| 2022-02-07
⋅
RiskIQ
⋅
RiskIQ: Malicious Infrastructure Connected to Particular Windows Host Certificates AsyncRAT BitRAT Nanocore RAT |
| 2022-01-12
⋅
Cisco
⋅
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure AsyncRAT Nanocore RAT NetWire RC |
| 2021-12-13
⋅
RiskIQ
⋅
RiskIQ: Connections between Nanocore, Netwire, and AsyncRAT and Vjw0rm dynamic DNS C2 infrastructure AsyncRAT Nanocore RAT NetWire RC Vjw0rm |
| 2021-11-29
⋅
Trend Micro
⋅
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos |
| 2021-10-27
⋅
Proofpoint
⋅
New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns Nanocore RAT Remcos TA2722 |
| 2021-09-20
⋅
Trend Micro
⋅
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads Ave Maria BitRAT LimeRAT Nanocore RAT NjRAT Quasar RAT |
| 2021-09-03
⋅
Trend Micro
⋅
The State of SSL/TLS Certificate Usage in Malware C&C Communications AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader |
| 2021-07-12
⋅
Cipher Tech Solutions
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
| 2021-07-12
⋅
IBM
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
| 2021-05-05
⋅
Zscaler
⋅
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos |
| 2021-04-21
⋅
Talos
⋅
A year of Fajan evolution and Bloomberg themed campaigns MASS Logger Nanocore RAT NetWire RC Revenge RAT XpertRAT |
| 2021-03-11
⋅
Trustwave
⋅
Image File Trickery Part II: Fake Icon Delivers NanoCore Nanocore RAT |
| 2021-02-25
⋅
Intezer
⋅
Year of the Gopher A 2020 Go Malware Round-Up NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy |
| 2020-12-21
⋅
Cisco Talos
⋅
2020: The year in malware WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
| 2020-12-10
⋅
US-CERT
⋅
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
| 2020-11-18
⋅
G Data
⋅
Business as usual: Criminal Activities in Times of a Global Pandemic Agent Tesla Nanocore RAT NetWire RC Remcos |
| 2020-09-18
⋅
Symantec
⋅
Elfin: Latest U.S. Indictments Appear to Target Iranian Espionage Group Nanocore RAT |
| 2020-09-17
⋅
FBI
⋅
FBI PIN Number 20200917-001: IRGC-Associated Cyber Operations Against US Company Networks MimiKatz Nanocore RAT |
| 2020-09-10
⋅
Medium mariohenkel
⋅
Decrypting NanoCore config and dump all plugins Nanocore RAT |
| 2020-08-26
⋅
Proofpoint
⋅
Threat Actor Profile: TA2719 Uses Colorful Lures to Deliver RATs in Local Languages AsyncRAT Nanocore RAT TA2719 |
| 2020-07-30
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2020 AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
| 2020-06-07
⋅
Zero2Automated Blog
⋅
Dealing with Obfuscated Macros, Statically - NanoCore Nanocore RAT |
| 2020-05-26
⋅
CrowdStrike
⋅
Weaponized Disk Image Files: Analysis, Trends and Remediation Nanocore RAT |
| 2020-05-14
⋅
360 Total Security
⋅
Vendetta - new threat actor from Europe Nanocore RAT Remcos |
| 2020-04-15
⋅
Zscaler
⋅
Multistage FreeDom loader used in Aggah Campaign to spread Nanocore and AZORult Azorult Nanocore RAT |
| 2020-04-04
⋅
MalwareInDepth
⋅
Nanocore & CypherIT Nanocore RAT |
| 2020-04-01
⋅
Cisco
⋅
Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors Azorult CloudEyE Formbook KPOT Stealer Metamorfo Nanocore RAT NetWire RC TrickBot |
| 2020-03-20
⋅
Bitdefender
⋅
5 Times More Coronavirus-themed Malware Reports during March ostap HawkEye Keylogger Koadic Loki Password Stealer (PWS) Nanocore RAT Remcos |
| 2020-02-13
⋅
Talos
⋅
Threat actors attempt to capitalize on coronavirus outbreak Emotet Nanocore RAT Parallax RAT |
| 2020-01-19
⋅
360
⋅
BayWorld event, Cyber Attack Against Foreign Trade Industry Azorult Formbook Nanocore RAT Revenge RAT |
| 2020-01-01
⋅
Secureworks
⋅
COBALT TRINITY POWERTON pupy Imminent Monitor RAT Koadic Nanocore RAT NetWire RC PoshC2 APT33 |
| 2019-09-26
⋅
Proofpoint
⋅
New WhiteShadow downloader uses Microsoft SQL to retrieve malware WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos |
| 2019-09-19
⋅
NSHC
⋅
Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore Nanocore RAT Revenge RAT |
| 2019-08-25
⋅
Github (threatland)
⋅
Nanocor Sample Nanocore RAT |
| 2019-05-05
⋅
GoggleHeadedHacker Blog
⋅
Unpacking NanoCore Sample Using AutoIT Nanocore RAT |
| 2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33 |
| 2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33 |
| 2018-08-02
⋅
Palo Alto Networks Unit 42
⋅
The Gorgon Group: Slithering Between Nation State and Cybercrime Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT |
| 2018-02-26
⋅
Bleeping Computer
⋅
Nanocore RAT Author Gets 33 Months in Prison Nanocore RAT |
| 2017-09-20
⋅
FireEye
⋅
Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware DROPSHOT Nanocore RAT NetWire RC SHAPESHIFT TURNEDUP APT33 |