216.73.217.22

Malware botnet installing NiceRAT

· Published 06/06/2024 07:28 · Modified 06/06/2024 08:04

Export JSON

Essential information

Published
06/06/2024 07:28
Modified
06/06/2024 08:04
Tags
2024-06-06 botnet malware nanocore nicerat nitol
Related entities
24 observables, 12 techniques (mitre), 3 malware

Description

This report discusses a that has been active since 2019, distributing various such as , , and . The is spread through disguised cracked programs, shared on domestic file-sharing sites and blogs, posing as genuine software activators or game server tools. Once infected, the connects to command-and-control (C&C) servers and installs additional payloads like , which is a Python-based open-source remote access trojan that steals system information, browser data, and cryptocurrency wallets.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (24)

  • http://gandigod1.ddns.net:2000
  • http://gandigod.ddns.net:8080
  • http://gandigod1.ddns.net:3255
  • http://gandigod.ddns.net:3255
  • http://gandigod.ddns.net:5407
  • http://gandigod.ddns.net:54984
  • http://gandigod.codns.com:2000
  • http://gandigod.codns.com:5407
  • http://gandigod.codns.com:7481
  • gandigod1.ddns.net
  • gandigod.codns.com
  • gandigod.ddns.net
  • f97123d0450c2a436dff3d4e7c674c366833bcbf4f21ebd387dabba8737d1101
  • ebe2488e6a5a5e9512d3751ef6ba7e68c08ac072169cf9af0aed74db1f1ef1b0
  • d58355fed81b0412fb36dff5c210c70b32de67501962df3e350648835e0ae07c
  • b372d5cadca2b0b212e982615fd8df8a31322651a4057afd701dd075e85dd8e4
  • c78b22ec1a704a79847ec30404386253b2b2e48563bb7f55ccb8696cb88c60f0
  • ab5fc09447ea83e7c3f79e8817921eb2170fd2592b8d0f7d03d0934f5dad14e8
  • 787b530fe09cea2be36f78478268eed7dfd62b68b538c62e90f1de1507c8277d
  • 66744784b22d5d1698f9755cdcc226c644aec3a8cd9c551aa7aa5845ed19b614
  • 55f047455519bc3cd96322361a66cd3667293f50811afe16c553382fa443465c
  • 52991b00ba04504a2195d3a12521496170acbc1002176679bf59d3f2890e3d5d
  • 4c25df3edce36c720c3e39d5e3f93ce4035ec7857be76fc4ac9e612168210367
  • 39f06354924b3779b20223a8630a99317786906eb1216e88f2d5f58b3d38cc7f

Techniques (MITRE) (12)

Malware (3)

  • NiceRAT
    Family
    Published 13/06/2024 12:49 · Modified 13/06/2024 12:49
  • NanoCore - S0336
    Family
    Published 15/01/2026 12:03 · Modified 15/01/2026 12:03
  • Nitol
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:37 · Modified 20/12/2025 23:13

External references