Transport

Maritime-Theme Phishing Emails Spread NanoCore RAT

5 - 12 November 2019

A phishing campaign is spreading the NanoCore remote access tool using emails that look like shipping information from a reputable logistics company.

A phishing campaign is spreading the NanoCore remote access tool (RAT) by using emails crafted to look like shipping information from a reputable logistics company. The spam emails carry a specially crafted ZIP attachment that contains two archive structures. The first ZIP structure holds a fake order image file, while the second ZIP structure holds an executable that installs the NanoCore RAT. Most file extractors can only extract the harmless image file; only certain versions of PowerArchiver, WinRAR, and older 7-Zip utilities are able to properly extract the NanoCore executable. NanoCore is a community RAT that is available for as little as US$25. It is modular and can incorporate features such as a keylogger, data exfiltration and a screen locker.
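A mail gateway or triage script can flag this kind of attachment by counting the archive structures in the file instead of trusting a single extractor's view. The following is an added example, not code from the original report; the function names and the sample archives are constructed for illustration, and it assumes ordinary single-disk, non-ZIP64 archives.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # End of Central Directory (EOCD) record signature
CDH_SIG = b"PK\x01\x02"   # central directory file header signature
EOCD_LEN = 22             # fixed-size part of the EOCD record

def find_eocd_records(data: bytes) -> list:
    """Return (offset, entry_count, comment_len) for every plausible EOCD record."""
    records = []
    pos = data.find(EOCD_SIG)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            (_sig, _disk, _cd_disk, _n_disk, n_total,
             cd_size, _cd_offset, comment_len) = struct.unpack_from("<IHHHHIIH", data, pos)
            # The central directory sits directly before its EOCD record; checking
            # for its header there filters out signature bytes inside file data.
            cd_start = pos - cd_size
            if n_total == 0 or (cd_start >= 0 and data[cd_start:cd_start + 4] == CDH_SIG):
                records.append((pos, n_total, comment_len))
        pos = data.find(EOCD_SIG, pos + 1)
    return records

def inspect_zip(data: bytes) -> dict:
    """Flag attachments holding more than one archive structure."""
    records = find_eocd_records(data)
    trailing = 0
    if records:
        offset, _entries, comment_len = records[0]
        trailing = len(data) - (offset + EOCD_LEN + comment_len)
    return {"eocd_count": len(records),
            "bytes_after_first_archive": trailing,
            "suspicious": len(records) > 1 or trailing > 0}

def _make_zip(name: str, payload: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

# Constructed samples with harmless contents: one ordinary archive, and the same
# archive with a second complete archive appended after it.
SINGLE = _make_zip("order.jpg", b"constructed image bytes")
DOUBLE = SINGLE + _make_zip("order.txt", b"constructed second member")

if __name__ == "__main__":
    for label, blob in (("single", SINGLE), ("double", DOUBLE)):
        print(label, inspect_zip(blob))
```

An attachment reported as suspicious is worth quarantining or unpacking with more than one extractor, since different tools may surface different members of the same file.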

References:

Double Loaded Zip File Delivers Nanocore
