{"id":24460,"date":"2019-01-16T13:35:39","date_gmt":"2019-01-16T13:35:39","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/29724\/NanoCore-Trojan-Is-Protected-In-Memory-From-Being-Killed-Off.html"},"modified":"2019-01-16T13:35:39","modified_gmt":"2019-01-16T13:35:39","slug":"nanocore-trojan-is-protected-in-memory-from-being-killed-off","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/","title":{"rendered":"NanoCore Trojan Is Protected In Memory From Being Killed Off"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/zdnet4.cbsistatic.com\/hub\/i\/r\/2019\/01\/16\/17f9b60b-20f8-4c6b-9bbe-4bf66baf931b\/thumbnail\/770x578\/b5b5be4f8beb485d696ed1811b3eacd4\/screenshot-2019-01-16-at-10-27-30.png\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>The NanoCore Remote Access Trojan (RAT) is being spread through malicious documents and uses an interesting technique to keep its process running and prevent victims from manually killing the system, researchers say.<\/p>\n<div class=\"relatedContent alignRight\">\n<h3 class=\"heading\"><span class=\"int\">More security news<\/span><\/h3>\n<\/div>\n<p>The cybersecurity team from <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/-net-rat-malware-being-spread-by-ms-word-documents.html\" target=\"_blank\" rel=\"noopener noreferrer\">Fortinet recently captured<\/a> a sample relating to the spread of NanoCore RAT in the form of a malicious Microsoft Word document.<\/p>\n<p>Developed in the .Net framework under an author known as &#8220;Taylor Huddleston,&#8221; the Trojan has landed its operator in jail for peddling the malware on underground forums.<\/p>\n<p>While the Arkansas man is due to serve close to <a href=\"https:\/\/arstechnica.com\/tech-policy\/2018\/02\/developer-of-the-prolific-nanocore-backdoor-gets-prison\/\" target=\"_blank\" rel=\"noopener noreferrer\">three years in prison<\/a>, his legacy continues on in the wild without his influence.<\/p>\n<p>The malicious document, &#8220;eml_-_PO20180921.doc,&#8221; is spread via phishing campaigns and contains auto-executable malicious, obfuscated VBA code which initiates the Trojan.<\/p>\n<p>If opened, the document contains a security warning at the top informing the would-be victim that macros have been disabled, but should that individual click &#8220;enable content,&#8221; the infection process begins.<\/p>\n<p>According to Fortinet, the NanoCore Trojan, in its latest 1.2.2.0 version, is downloaded from the <em>wwpdubai.com<\/em> domain as part of an .exe file which is then saved in a Windows temporary folder.<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_ZD_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p><strong>See also:\u00a0<\/strong><a href=\"https:\/\/www.zdnet.com\/article\/police-cant-force-us-citizens-to-unlock-their-phone-by-face-or-finger\/\" target=\"_blank\">Police can&#8217;t force you to unlock your phone by iris, face or finger<\/a><\/p>\n<p>The file, CUVJN.exe, calls a daemon process. However, before this process begins, the executable will check to see if the process already exists and whether or not Avast antivirus software is running.<\/p>\n<p>If the infected system passes these checks, the code will then extract an archive within the executable and retrieve a PE file which is the actual NanoCore RAT.<\/p>\n<p>Two processes will be running at this stage; Netprotocol.exe, which is a copy of CUVJN.exe and is the daemon designed to unzip NanoCore, alongside dll.exe, which is a very interesting daemon process in itself.<\/p>\n<p>Dll.exe is designed to keep the Trojan running. The process starts netprotocol.exe, injects NanoCore into memory, and runs the code. One of the process&#8217; classes is called &#8220;ProtectMe&#8221; with a function &#8220;ProtectMe.Protect()&#8221; which prevents the process from being killed off by the victim.<\/p>\n<p><strong>CNET:\u00a0<\/strong><a href=\"https:\/\/www.cnet.com\/news\/fccs-ajit-pai-wont-meet-congress-about-phone-tracking-scandal\/\" target=\"_blank\" rel=\"noopener noreferrer\">FCC&#8217;s Ajit Pai won&#8217;t meet Congress about phone-tracking scandal<\/a><\/p>\n<p>During testing, Fortinet researchers could not kill the netprotocol.exe process at all &#8212; despite it not being a system service or containing higher privileges than the user.<\/p>\n<p>It turns out that the process uses a function called ZwSetInformationProcess, from NTDLL.dll, is able to modify the state of the process and prevent it from being disabled.<\/p>\n<p>&#8220;There is a function named &#8220;RunPE.doIt()&#8221; that is used to run and protect the NanoCore RAT client. It calls the API CreateProcessA to start a new &#8220;netprotocol.exe&#8221; and then suspends it,&#8221; the researchers say. &#8220;Next, it allocates memory in the new &#8220;netprotocol.exe&#8221; and puts the entire NanoCore into the newly allocated memory using the API WriteProcessMemory. Finally, it modifies the entry point of the thread context to NanoCore&#8217;s entry point and resumes NanoCore running inside the second &#8220;netprotocol.exe&#8221; by calling the API ResumeThread.&#8221;<\/p>\n<p><strong>TechRepublic<\/strong>:\u00a0<a href=\"https:\/\/www.techrepublic.com\/article\/smart-building-security-flaws-leave-schools-hospitals-at-risk\/\" target=\"_blank\" rel=\"noopener noreferrer\">Smart building security flaws leave schools, hospitals at risk<\/a><\/p>\n<p>First <a href=\"https:\/\/www.symantec.com\/connect\/blogs\/nanocore-another-rat-tries-make-it-out-gutter\" target=\"_blank\" rel=\"noopener noreferrer\">discovered in 2013<\/a>, NanoCore is a rather nasty piece of malware which is able to perform a variety of functions. These include a keylogger, a password stealer which can remotely pass along data to the malware&#8217;s operator, the ability to tamper with and view footage from webcams, screen locking, the download and theft of files, and more.<\/p>\n<p>The latest version of the Trojan was released in 2015 with premium plugins included, before the arrest of the operator in 2016.<\/p>\n<h3>Previous and related coverage<\/h3>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/29724\/NanoCore-Trojan-Is-Protected-In-Memory-From-Being-Killed-Off.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":24461,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[5522],"class_list":["post-24460","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwaretrojan"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>NanoCore Trojan Is Protected In Memory From Being Killed Off 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NanoCore Trojan Is Protected In Memory From Being Killed Off 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-01-16T13:35:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/01\/nanocore-trojan-is-protected-in-memory-from-being-killed-off.png\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"578\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"NanoCore Trojan Is Protected In Memory From Being Killed Off\",\"datePublished\":\"2019-01-16T13:35:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\\\/\"},\"wordCount\":619,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off.png\",\"keywords\":[\"headline,malware,trojan\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\\\/\",\"name\":\"NanoCore Trojan Is Protected In Memory From Being Killed Off 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off.png\",\"datePublished\":\"2019-01-16T13:35:39+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/01\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off.png\",\"width\":770,\"height\":578},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,malware,trojan\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemalwaretrojan\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"NanoCore Trojan Is Protected In Memory From Being Killed Off\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NanoCore Trojan Is Protected In Memory From Being Killed Off 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/","og_locale":"en_US","og_type":"article","og_title":"NanoCore Trojan Is Protected In Memory From Being Killed Off 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-01-16T13:35:39+00:00","og_image":[{"width":770,"height":578,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/01\/nanocore-trojan-is-protected-in-memory-from-being-killed-off.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"NanoCore Trojan Is Protected In Memory From Being Killed Off","datePublished":"2019-01-16T13:35:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/"},"wordCount":619,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/01\/nanocore-trojan-is-protected-in-memory-from-being-killed-off.png","keywords":["headline,malware,trojan"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/","url":"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/","name":"NanoCore Trojan Is Protected In Memory From Being Killed Off 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/01\/nanocore-trojan-is-protected-in-memory-from-being-killed-off.png","datePublished":"2019-01-16T13:35:39+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/01\/nanocore-trojan-is-protected-in-memory-from-being-killed-off.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/01\/nanocore-trojan-is-protected-in-memory-from-being-killed-off.png","width":770,"height":578},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/nanocore-trojan-is-protected-in-memory-from-being-killed-off\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,malware,trojan","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwaretrojan\/"},{"@type":"ListItem","position":3,"name":"NanoCore Trojan Is Protected In Memory From Being Killed Off"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/24460","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=24460"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/24460\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/24461"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=24460"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=24460"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=24460"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}