Watch out for CoreBot, new stealer in the wild

Jump to navigation Jump to search

(Publication) Google search: [1]

Watch out for CoreBot, new stealer in the wild
Botnet CoreBot
Botnet/malware group Banking, Stealing
Exploit kits
Feature Domain generation algorithm
Distribution vector
Operation/Working group
Date 2015 / 2015-08-28
Editor/Conference Security Intelligence
Link (Archive copy)
Author Limor Kessem, Martin Korman
Type Blogpost


That brings us to CoreBot, a new information stealer discovered and analyzed by IBM Security X-Force researchers, who indicate this is one malware piece to watch out for. CoreBot appears to be quite modular, which means that its structure and internal makeup were programmed in a way that allows for the easy adding of new data theft and endpoint control mechanisms.

CoreBot was discovered while the researchers were studying the activity of malware on Trusteer-protected enterprise endpoints. The malware’s compiled file was named “core” by its developer. Antivirus engines do not specify this malware’s name yet and detect it under generic names such as Dynamer!ac or Eldorado. But while CoreBot may appear artless at first glance, without real-time theft capabilities, it is more interesting on the inside.


   editor = {Security Intelligence},
   author = {Limor Kessem, Martin Korman},
   title = {Watch out for CoreBot, new stealer in the wild},
   date = {28},
   month = Aug,
   year = {2015},
   howpublished = {\url{}},