core

Also known as: core

Core ransomware surfaced in early 2025 as a new variant within the broader Makop family. It employs a single-extortion model, focusing on encrypting files and demanding payment, without public data-leak threats. The malware appends the .core extension to encrypted files and is delivered via typical exploit vectors known to RaaS campaigns. Core does not showcase advanced double-extortion tactics seen in other modern strains, but it stands out for its familial lineage and continued evolution from Makop ancestors.

📅 Activity 2017 — 2019
2017
2019

Introduction

Core ransomware surfaced in early 2025 as a new variant within the broader Makop family. It employs a single-extortion model, focusing on encrypting files and demanding payment, without public data-leak threats. The malware appends the .core extension to encrypted files and is delivered via typical exploit vectors known to RaaS campaigns. Core does not showcase advanced double-extortion tactics seen in other modern strains, but it stands out for its familial lineage and continued evolution from Makop ancestors.

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No atomic indicators are listed in this profile. The APTnotes snapshot indexes 2 public reports that may contain IOCs; see Source Attribution for dataset links.

Malware and Tools

  • Xploit:

Attribution and Evidence

Information pending cataloguing.

References

References pending cataloguing.