Kegotip

Description

(IBM) One of Kegotip’s main functions is scraping email addresses from hard drives of endpoints it infects, even crossing to additional partitions on the endpoint. This generates quite a handsome bounty for its operators, likely in the form of the Necurs botnet itself, which then uses these addresses in its spam runs. Kegotip has been appearing alongside Dridex and Locky infections since April 2016, either via the RockLoader or Upatre.

Names

Name
Kegotip

Category

Malware

Type

  • Info stealer

Information

Malpedia

AlienVault OTX

Other Information

UUID

9863262f-6f94-4272-9e17-9b5799115a85

Last Card Change

2020-04-23