Core

Description

Core ransomware surfaced in early 2025 as a new variant within the broader Makop family. It employs a single-extortion model, focusing on encrypting files and demanding payment, without public data-leak threats. The malware appends the .core extension to encrypted files and is delivered via typical exploit vectors known to RaaS campaigns. Core does not showcase advanced double-extortion tactics seen in other modern strains, but it stands out for its familial lineage and continued evolution from Makop ancestors.

External Analysis
https://www.broadcom.com/support/security-center/protection-bulletin/core-ransomware-a-new-makop-variant
Urls
Screen
File servers
Screen
Chat servers
Screen
Admin servers
Screen