| SYMBOL | COMMON_NAME | aka. SYNONYMS |
CoralRaider is a financially motivated threat actor of Vietnamese origin, targeting victims in Asian and Southeast Asian countries since at least 2023. They use the RotBot loader family and XClient stealer to steal victim information, with hardcoded Vietnamese words in their payloads. CoralRaider operates from Hanoi, Vietnam, and uses a Telegram bot as a C2 channel for their malicious campaigns. Their activities include system reconnaissance, data exfiltration, and targeting victims in multiple countries in the region.
There are currently no families associated with this actor.
| 2024-04-04
⋅
Cisco Talos
⋅
CoralRaider targets victims’ data and social media accounts CoralRaider |