From Damballa: We have been investigating several domains registered using the email address drake.lampado777@gmail[.]com. IBM Security X-Force spotted the information-stealing malware named Corebot. Corebot's author included the ability to add plugins to the malware in order to incorporate more features. The features are usually a specific function the malware will perform or a role the bot is turned into, such as being a SOCKS proxy or adding the possibility for the malware to spread via USB drives, grab certificates, or even perform DDoS. The sample analyzed by IBM Security X-Force communicates with two domains registered to drake.lampado777@gmail[.]com that are down at this time (found in OTX pulse IoCs).
Created: 2026-02-23
No indicators were found.
No CVEs were found in this Pulse.