Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 12:41:15 UTC
Home > List all groups > List all tools > List all groups using tool CoreBot
 Tool: CoreBot
Names CoreBot
Category Malware
Type Credential stealer
Description
(IBM) CoreBot appears to be quite modular, which means that its structure and internal
makeup were programmed in a way that allows for the easy adding of new data theft and
endpoint control mechanisms.
CoreBot was discovered while the researchers were studying the activity of malware on
Trusteer-protected enterprise endpoints. The malware’s compiled file was named “core”
by its developer. Antivirus engines do not specify this malware’s name yet and detect it
under generic names such as Dynamer!ac or Eldorado. But while CoreBot may appear
artless at first glance, without real-time theft capabilities, it is more interesting on the
inside.
Information
Malpedia AlienVault OTX Last change to this tool card: 13 May 2020
Download this tool card in JSON format
All groups using tool CoreBot
Changed Name Country Observed
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=91666db0-93e4-47ab-974f-277a3e19b707
Page 1 of 2

Other groups
  Boson Spider [Unknown] 2015-Nov 2017  
1 group listed (0 APT, 1 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=91666db0-93e4-47ab-974f-277a3e19b707
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=91666db0-93e4-47ab-974f-277a3e19b707
Page 2 of 2