We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:MSIL/NanoCore.TG!MTB
Aliases: No associated aliases
Summary
NanoCore is a second-stage malware classified as a remote access trojan (RAT) that helps attackers to perform remote code execution (RCE) on a compromised device.
Once installed, attackers can use it to perform various tasks, such as installing malicious files and establishing communication with a command-and-control (C2) server.
This trojan also attempts to run secondary objectives like data exfiltration and lateral movement.
For information about NanoCore and other human-operated malware campaigns, read these blog posts:
Keep your applications, especially security software, updated. Use Microsoft Defender for regular system scans and removal of detections or potential threats.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
Devices infected by this trojan might be severely compromised and require complete restoration. Consider restoring your device. When restoring data, ensure that it is a clean, uninfected copy.
