Nanocore RAT

Also known as: Nancrat, NanoCore

Nanocore is a Remote Access Tool used to steal credentials and to spy on cameras. It as been used for a while by numerous criminal actors as well as by nation state threat actors.

Linked Threat Actors

APT33The Gorgon Group

C2 Infrastructure

Hosting/VPS94%

Unknown6%

Last 7 days

Apr 19, 2026

C2 Hosts: 11

Apr 18, 2026

C2 Hosts: 2

Apr 17, 2026

C2 Hosts: 16

Apr 16, 2026

C2 Hosts: 1

Apr 14, 2026

C2 Hosts: 1

Daily C2 host counts for the last 7 days
Date	C2 Hosts
Apr 19, 2026	11
Apr 18, 2026	2
Apr 17, 2026	16
Apr 16, 2026	1
Apr 14, 2026	1

Further Reading

Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites

We have been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools (RATs) — namely TeamViewer — for some time now. While previous versions of the malware hav...

How Cybercriminals Abuse Cloud Tunneling Services | Trend Micro (US)

Our research examines how cloud tunneling services work and how organizations can thwart threats that abuse them.

Multistage Loader used to spread AZORult and NanoCore | blog

Multistage .NET loader used to spread AZORult and NanoCore Infostealers targeting users in Asian subcontinent, specifically South Korea and Indonesia.

Analysis of top non-HTTP/S threats | Zscaler Blog

In this article, Zscaler security research team dissect the custom protocols used in some of the most prevalent RATs seen in recent campaigns. Read more.

Affordable Malware RE Training | 0ffset Training Solutions

We assist individuals, SMEs, and F500s alike by providing professional training within the niche field of malware analysis and reverse engineering, without breaking the bank.