NanoCore RAT 1.2.2.0 Leaked Build
Jun 18, 2016
This archive contains a cracked/leaked build of NanoCore RAT (Remote Access Trojan) version 1.2.2.0, cracked by 'Alcatraz3222'. It includes the NanoCore server executable, plugin files (surveillance, management, network, security, tools), SQLite databases for victim tracking (connections, geolocation, ports), and a server log showing usage on June 18, 2016. This is not a traditional data breach of a company but rather a leaked malware tool with its associated infrastructure databases. The main database schema includes columns for tracking infected victims: IP address, country, OS, CPU, RAM, active window, antivirus status, etc.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
NanoCore_1.2.2.0__Databases__geolocation__ip2nation.csv1 column0 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 1 | country | high | [1] header 'country', values are 2-letter ISO country codes (us, za, eg, etc.) |
Notes: This file contains NanoCore RAT victim tracking data. Column [0] 'ip' is a network identifier (IP address converted to numeric form) and is excluded per EXCLUSION RULES. Only column [1] 'country' maps to PII field. The numeric IP values (0, 687865856, etc.) are geolocation IP addresses in integer format — these are network identifiers, not personal information, and are treated as skip per exclusion rules for ip_address patterns.
NanoCore_1.2.2.0__Databases__geolocation__ip2nationcountries.csv1 column0 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 4 | country | high | [4] header 'country', values are country names (Andorra, United Arab Emirates, Afghanistan, etc.) |
Notes: This is a geolocation reference table mapping ISO country codes to country names and coordinates. Column 4 contains country names (PII context: geolocation data used to map victim locations in NanoCore RAT infrastructure). Columns 0-3 and 5-6 are ISO codes and coordinates—geographic reference data, not personal PII. No personal identifiable information (names, emails, phones, addresses, SSN, DOB, etc.) is present in this file.
NanoCore_1.2.2.0__Databases__main__columns.csv1 column0 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 1 | country | high | [1] header 'Country', contains geolocation data for infected victims |
Notes: This is a malware victim tracking database (NanoCore RAT infrastructure), not a traditional PII breach. Most columns are system telemetry (IP, OS, CPU, RAM, antivirus status, timestamps, ports). Only 'Country' maps to a PII field. 'Identity' appears to be an internal victim identifier (skip). All other columns are technical infrastructure data (skip). File is structured CSV with system monitoring metadata.
NanoCore_1.2.2.0__server.log.csv2 rows
File structure
Notes: Pre-LLM auto-detection: free-form text with visible emails / phones