Is this host protected from NanoCore RAT?

CISA released an advisory in August 2022 on NanoCore RAT, which could allow an attacker to control a victim's machine. This TTP uses NanoCore's methods of adding a NanoCore exclusion in Windows Defender and enabling persistence through a scheduled task. NanoCore RAT may steal user account information, including passwords and credentials.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)