Home > List all groups > List all tools > List all groups using tool Corkow

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Corkow

TypeBanking trojan
Description(ESET) The malware, which has been in the wild since at least 2011, has demonstrated continuous activity in the past year, infecting thousands of users. Version numbering of the various Trojan modules is another indicator that the malware authors are continually developing the trojan.

The most common infection vector – drive-by downloads – has been used to spread the malware.

This Russian tool for committing bank fraud shares many characteristics with other malware families with a similar purpose, such as Zeus (also known as Zbot), JHUHUGIT, HesperBot, or Qadars, for example, but also contains some unique functionality.

Several features, like enumeration of smart cards, targeting of dedicated banking applications mostly used by corporate customers and looking for user activity regarding online banking sites and applications, electronic trading platform sites and applications and so forth, all suggest that the attackers are focusing their sights on financial professionals and enterprises, whose bank accounts usually hold a higher balance than those of most individuals.

Last change to this tool card: 22 April 2020

Download this tool card in JSON format

Next: CosmicDuke

All groups using tool Corkow


APT groups

 Corkow, MetelRussia2011 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key