Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
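The finding above is a sandbox heuristic: a UDP datagram went to an address that no DNS answer in the capture had resolved to. The Python below is an added example, not the sandbox's own code, that re-implements that check over constructed flow records (documentation-range addresses, not the report's capture) and adds the caveat the report leaves out: 1.1.1.1 is Cloudflare's public resolver, so if these datagrams were DNS queries on port 53 (the page shows only the address, so that is an assumption here) the rule fires because a resolver can never be preceded by a lookup for itself. Read that way the entry is evidence of direct use of a public resolver, possibly hard-coded by the sample, rather than of a command-and-control beacon.

```python
"""The 'UDP traffic without corresponding DNS query' heuristic, re-implemented
as an added example (not the sandbox's code). Sample records are constructed
here with documentation-range addresses, not taken from the report."""
from collections import namedtuple

Flow = namedtuple("Flow", "ts proto dst_ip dst_port")
DnsAnswer = namedtuple("DnsAnswer", "ts qname rdata")

# Constructed capture: one lookup answered by the resolver at 1.1.1.1, a TCP and
# a UDP flow to the resolved address, and a UDP datagram to an address that
# nothing ever resolved to.
SAMPLE_ANSWERS = [DnsAnswer(1.0, "example.test", "198.51.100.10")]
SAMPLE_FLOWS = [
    Flow(0.5, "udp", "1.1.1.1", 53),          # the query that produced the answer
    Flow(1.2, "tcp", "198.51.100.10", 443),
    Flow(2.0, "udp", "1.1.1.1", 53),
    Flow(3.0, "udp", "203.0.113.7", 4782),    # no answer ever carried this address
    Flow(3.5, "udp", "198.51.100.10", 443),   # resolved earlier: not reported
]


def udp_without_dns(flows, answers):
    """Return {dst_ip: reason} for UDP destinations that no DNS answer seen at
    or before the datagram resolved to. Order matters: an answer that arrives
    after the first datagram does not explain it, which is the usual sign of
    a hard-coded address."""
    answers = sorted(answers, key=lambda a: a.ts)
    flagged = {}
    for f in sorted(flows, key=lambda x: x.ts):
        if f.proto != "udp":
            continue
        if any(a.ts <= f.ts and a.rdata == f.dst_ip for a in answers):
            continue
        # A resolver can never be preceded by a lookup for itself, so the
        # sandbox reports it too; keep it, but label why, since 1.1.1.1 on
        # port 53 means 'direct use of a public resolver', not a C2 beacon.
        reason = "resolver" if f.dst_port == 53 else "unresolved"
        if flagged.get(f.dst_ip) != "resolver":
            flagged[f.dst_ip] = reason
    return flagged


if __name__ == "__main__":
    for ip, why in udp_without_dns(SAMPLE_FLOWS, SAMPLE_ANSWERS).items():
        print(f"UDP traffic detected without corresponding DNS query: {ip} ({why})")
```

The check deliberately keeps the resolver hit instead of suppressing it: whether it matters depends on the guest's configured resolver, and an analyst comparing the flagged address against the VM's DNS settings can tell a hard-coded public resolver from ordinary name resolution.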
Source: Certificate#U00b7pdf.exe |
String found in binary or memory: http://crl.certum.pl/ctnca.crl0k |
Source: Certificate#U00b7pdf.exe |
String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l |
Source: Certificate#U00b7pdf.exe |
String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o |
Source: powershell.exe, 00000004.00000002.24020469340.0000000007620000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.28382435662.00000000051F4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: powershell.exe, 00000004.00000002.24013324789.000000000309B000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.28382435662.00000000051F4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: powershell.exe, 00000004.00000002.24023428377.0000000008BA5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.mics |
Source: Certificate#U00b7pdf.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: powershell.exe, 00000004.00000002.24019197601.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: powershell.exe, 00000004.00000002.24015082052.0000000004DAA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000004.00000002.24015082052.0000000004DAA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png4 |
Source: Certificate#U00b7pdf.exe |
String found in binary or memory: http://repository.certum.pl/ctnca.cer09 |
Source: Certificate#U00b7pdf.exe |
String found in binary or memory: http://repository.certum.pl/ctnca2.cer09 |
Source: Certificate#U00b7pdf.exe |
String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0 |
Source: powershell.exe, 00000004.00000002.24015082052.0000000004C41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Certificate#U00b7pdf.exe |
String found in binary or memory: http://subca.ocsp-certum.com01 |
Source: Certificate#U00b7pdf.exe |
String found in binary or memory: http://subca.ocsp-certum.com02 |
Source: Certificate#U00b7pdf.exe |
String found in binary or memory: http://subca.ocsp-certum.com05 |
Source: powershell.exe, 00000004.00000002.24015082052.0000000004DAA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: powershell.exe, 00000004.00000002.24015082052.0000000004DAA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html4 |
Source: Certificate#U00b7pdf.exe |
String found in binary or memory: http://www.certum.pl/CPS0 |
Source: powershell.exe, 00000004.00000002.24020469340.0000000007620000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.28382435662.00000000051F4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.quovadis.bm0 |
Source: powershell.exe, 00000004.00000002.24015082052.0000000004C41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lB2r |
Source: powershell.exe, 00000004.00000002.24019197601.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 00000004.00000002.24019197601.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 00000004.00000002.24019197601.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: CasPol.exe, 00000005.00000002.28382435662.000000000519B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/ |
Source: CasPol.exe, 00000005.00000002.28382435662.000000000519B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/8 |
Source: CasPol.exe, 00000005.00000002.28382435662.00000000051D8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=17YCerFFQP3xEpWryCctLLABeKhxmjpC3 |
Source: CasPol.exe, 00000005.00000002.28382435662.00000000051D8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=17YCerFFQP3xEpWryCctLLABeKhxmjpC3P |
Source: CasPol.exe, 00000005.00000002.28382435662.00000000051F4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/ |
Source: CasPol.exe, 00000005.00000002.28382435662.00000000051F4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=17YCerFFQP3xEpWryCctLLABeKhxmjpC3&export=download |
Source: powershell.exe, 00000004.00000002.24015082052.0000000004DAA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: powershell.exe, 00000004.00000002.24015082052.0000000004DAA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester4 |
Source: powershell.exe, 00000004.00000002.24019197601.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: powershell.exe, 00000004.00000002.24020469340.0000000007620000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000005.00000002.28382435662.00000000051F4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ocsp.quovadisoffshore.com0 |
Source: 5.2.CasPol.exe.244c4629.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.CasPol.exe.244c4629.5.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 5.2.CasPol.exe.244c4629.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 5.2.CasPol.exe.23fc0000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.CasPol.exe.23fc0000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 5.2.CasPol.exe.23fc0000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 5.2.CasPol.exe.229f3105.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.CasPol.exe.229f3105.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 5.2.CasPol.exe.244c0000.6.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.CasPol.exe.229f3105.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 5.2.CasPol.exe.244c0000.6.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 5.2.CasPol.exe.244c0000.6.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 5.2.CasPol.exe.244c0000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.CasPol.exe.244c0000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 5.2.CasPol.exe.244c0000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 5.2.CasPol.exe.229eeadc.3.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.CasPol.exe.229eeadc.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 5.2.CasPol.exe.229eeadc.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 5.2.CasPol.exe.229eeadc.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.CasPol.exe.229eeadc.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 5.2.CasPol.exe.229eeadc.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 5.2.CasPol.exe.229e9ca6.1.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 5.2.CasPol.exe.229e9ca6.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.CasPol.exe.229e9ca6.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 5.2.CasPol.exe.229e9ca6.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 5.2.CasPol.exe.219b1858.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.CasPol.exe.219b1858.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 5.2.CasPol.exe.219b1858.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000005.00000002.28417516925.00000000229E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000005.00000002.28417516925.00000000229E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000005.00000002.28422063726.0000000023FC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000005.00000002.28422063726.0000000023FC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 00000005.00000002.28422063726.0000000023FC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000005.00000002.28422942050.00000000244C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000005.00000002.28422942050.00000000244C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: 00000005.00000002.28422942050.00000000244C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: 00000005.00000002.28397844456.00000000219A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
Source: Process Memory Space: CasPol.exe PID: 1072, type: MEMORYSTR |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: CasPol.exe PID: 1072, type: MEMORYSTR |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23 |
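The URL strings earlier on this page and the YARA matches above are the two findings an analyst actually works from, and most of the URLs are noise: the CRL, OCSP and repository endpoints belong to the code-signing certificate chain embedded in Certificate#U00b7pdf.exe, the Pester, NuGet, contoso.com and apache.org strings are typical module-manifest metadata that lives in PowerShell's own module directories, and nsis.sf.net is the NSIS installer stub's error string. The Google Drive download URLs in CasPol.exe memory are the ones that matter. The Python below is an added example, not the sandbox's code, that parses the report's "Source: ... |" line pairs, sorts the URLs into those buckets, recovers the Drive file id while trimming the trailing byte that memory extraction glued onto one copy, and tallies which YARA rules hit per process. The benign host list and the junk-trimming rule are assumptions made here; the embedded sample lines are a subset copied from this page.

```python
"""Triage helper for the 'String found in binary or memory' and 'Matched rule'
findings. Added example, not part of the sandbox report; the benign host list
and the junk-trimming heuristic are assumptions made here."""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# A subset of the report's own lines, embedded so the example runs offline.
SAMPLE_REPORT = """\
Source: Certificate#U00b7pdf.exe |
String found in binary or memory: http://crl.certum.pl/ctnca.crl0k |
Source: Certificate#U00b7pdf.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: powershell.exe, 00000004.00000002.24023428377.0000000008BA5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.mics |
Source: CasPol.exe, 00000005.00000002.28382435662.00000000051D8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=17YCerFFQP3xEpWryCctLLABeKhxmjpC3 |
Source: CasPol.exe, 00000005.00000002.28382435662.00000000051D8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.google.com/uc?export=download&id=17YCerFFQP3xEpWryCctLLABeKhxmjpC3P |
Source: 5.2.CasPol.exe.244c4629.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, author = Florian Roth, description = Detetcs the Nanocore RAT |
Source: 5.2.CasPol.exe.244c4629.5.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore |
Source: Process Memory Space: CasPol.exe PID: 1072, type: MEMORYSTR |
Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, threat_name = Windows.Trojan.Nanocore |
"""

# Hosts whose URLs ship inside the NSIS stub, the PowerShell runtime and the
# Pester/PowerShellGet module manifests (assumption: treat as benign noise).
TOOLCHAIN_HOSTS = {"nsis.sf.net", "pesterbdd.com", "github.com", "nuget.org",
                   "www.apache.org", "schemas.xmlsoap.org", "aka.ms", "contoso.com"}


def parse_report(text):
    """'Source: X |' / '<finding>: <value> |' line pairs -> (source, kind, value)."""
    records, source = [], "unknown"
    for raw in text.splitlines():
        kind, sep, value = raw.strip().rstrip("|").strip().partition(": ")
        if not sep:
            continue
        if kind == "Source":
            source = value
        else:
            records.append((source, kind, value))
    return records


def process_of(source):
    """'powershell.exe, 00000004...sdmp' -> 'powershell.exe'; dump names keep the image name."""
    m = re.search(r"[\w#]+\.exe", source)
    return m.group(0) if m else source


def classify_url(url):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # CRL/OCSP/repository endpoints come from the signing certificate chain, not
    # from the malware's own logic; the trailing '0k' etc. are DER length bytes.
    if (host.split(".")[0] in {"crl", "ocsp", "repository"} or "ocsp" in host
            or re.search(r"\.(crl|cer|crt)(\d|$)", parts.path) or parts.path.startswith("/CPS")):
        return "pki"
    if host in TOOLCHAIN_HOSTS:
        return "toolchain"
    if "download" in (parts.path + "?" + parts.query).lower():
        return "download"
    return "other"


def collapse_extraction_junk(values):
    """Memory strings often carry the byte that followed them ('...jpC3P' beside
    '...jpC3'); drop any value that only extends a shorter one (assumption)."""
    kept = []
    for v in sorted(set(values), key=len):
        if not any(v != k and v.startswith(k) for k in kept):
            kept.append(v)
    return set(kept)


def triage_urls(records):
    buckets = {"pki": [], "toolchain": [], "download": [], "other": []}
    ids = set()
    for source, kind, value in records:
        if kind != "String found in binary or memory":
            continue
        bucket = classify_url(value)
        buckets[bucket].append((process_of(source), value))
        if bucket == "download":
            ids.update(parse_qs(urlsplit(value).query).get("id", []))
    buckets["download_ids"] = collapse_extraction_junk(ids)
    return buckets


def yara_summary(records):
    """Rule names that hit per process, so agreement between independent rule sets is visible."""
    hits = defaultdict(set)
    for source, kind, value in records:
        if kind == "Matched rule":
            hits[process_of(source)].add(value.split()[0])
    return dict(hits)


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for bucket, items in triage_urls(recs).items():
        print(bucket, items)
    print(yara_summary(recs))
```

Run over the full report the summary shows the same picture the YARA section gives by hand: rules from four independent authors (Kevin Breen's 2014 rule, Florian Roth's 2016 rule, ditekSHen's rule and Elastic's 2021 rule) all match the same CasPol.exe memory regions and unpacked PEs, and no rule matches the installer or PowerShell stage. CasPol.exe is Microsoft's Code Access Security Policy tool from the .NET Framework, so NanoCore code in its address space is consistent with the RAT being injected into a legitimate signed binary, with the Google Drive file id as the one network indicator worth blocking.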