CoralRaider
CoralRaider is a cybercrime group. According to the cited reporting, it has used the Lumma infostealer, and Cisco Talos reported that the group was using a content delivery network cache to distribute LummaC2, Rhadamanthys, and Cryptbot malware to entities worldwide, including Germany and Poland. Lumma has also been observed in the arsenal of several prominent threat actor groups, including Scattered Spider, Angry Likho, and CoralRaider. The source reporting provides no nation-state attribution, sub-groups, or additional aliases beyond CoralRaider.
Tradecraft
2 distinct techniques observed across reporting, grouped by tactic.
Associated malware families
1 malware family attributed to this actor across reporting.
Recent activity
2 sources tracked across advisories, community write-ups, and news.
Referenced as a prominent threat actor group that has used the Lumma infostealer.
CoralRaider is a cybercrime group distributing info-stealing malware globally, targeting credentials, financial data, and social media accounts.