NanoCore hunter: tracking NanoCore servers and watching behavior of RAT operators for 180 days
Takashi Matsumoto 🗣 | Yu Tsuda 🗣 | Nobuyuki Kanaya 🗣 | Masaki Kubo | Daisuke Inoue
NanoCore RAT, which first appeared in 2013, is still actively used in 2020 because of its highly functional and user-friendly interface. Around February to March 2020, NanoCore RAT was used in the COVID-19-themed malspam campaign. We managed to sinkhole the NanoCore C&C domain and have monitored the liveness of NanoCore C&C servers. We also experimented with luring NanoCore operators into our mimetic enterprise network and succeeded in monitoring the actual behavior of live NanoCore operators.