Malware: NanoCore

Description

[NanoCore](https://attack.mitre.org/software/S0336) is a modular remote access tool developed in .NET that can be used to spy on victims and steal information. It has been used by threat actors since 2013.(Citation: DigiTrust NanoCore Jan 2017)(Citation: Cofense NanoCore Mar 2018)(Citation: PaloAlto NanoCore Feb 2016)(Citation: Unit 42 Gorgon Group Aug 2018)

External References

• mitre-attack
• Unit 42 Gorgon Group Aug 2018
• PaloAlto NanoCore Feb 2016
• Cofense NanoCore Mar 2018
• DigiTrust NanoCore Jan 2017

Techniques Used by This Malware

• T1016 — System Network Configuration Discovery
• T1027 — Obfuscated Files or Information
• T1056.001 — Keylogging
• T1059.003 — Windows Command Shell
• T1059.005 — Visual Basic
• T1105 — Ingress Tool Transfer
• T1112 — Modify Registry
• T1123 — Audio Capture
• T1125 — Video Capture
• T1547.001 — Registry Run Keys / Startup Folder
• T1562.001 — Disable or Modify Tools
• T1562.004 — Disable or Modify System Firewall
• T1573.001 — Symmetric Cryptography

APT Groups Using This Malware

• Group5
• Gorgon Group
• APT33
• SilverTerrier