ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 2.56.56.96:111.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	391236
IOC:	2.56.56.96:111
IOC Type :	ip:port
Threat Type :	botnet_cc
Malware:	Nanocore RAT
Malware alias:	Nancrat, NanoCore
Confidence Level :	Confidence level is elevated (75%)
ASN:	AS399471 AS-DESEQUITY
Country:	NL
First seen:	2022-02-28 08:37:45 UTC
Last seen:	2023-09-27 18:40:26 UTC
UUID:	b3ca2ea1-9871-11ec-a022-42010aa4000a
Reporter	abuse_ch
Reward	5 credits from ThreatFox
Tags:	NanoCore
Reference:	https://bazaar.abuse.ch/sample/4c192fc1dc7f635c130772d20f28ae4f5457cf1472b66a12f3dc25fec4c8113b/

abuse_ch

nanocore (aka Nancrat,NanoCore) botnet C2

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-02-28 16:56:16	dae8588b604d0728a1a1ecc77096197a34ed1b22ae7de69a53f39b59e6574ffd
2022-02-28 15:21:07	7e1c04108960d9e729d34963b1541487bc29b232566a2b0e0abfb420d454645d
2022-02-28 12:16:06	c332668f26203de2c05ccb54384fb725095ce6812292f7f90285e37951ef589e
2022-02-28 09:46:13	32ed1460a90d3d0b8b062010d380c0fa9f4e945040667a692202d25a6f14592c