Malware

PhantomCore

According to Cyble, PhantomCore is a backdoor utilized by the hacktivist group Head Mare.

PhantomCore is a Windows malware family.

Background

Cyble reports that PhantomCore is a backdoor wielded by the hacktivist group Head Mare. Operating since 2023, it has repeatedly focused its attacks on Russia. The malware harvests victim data, including the public IP address, to build a thorough picture of the target before dropping its final-stage payload or running further commands on the compromised machine. PhantomCore is also known to deliver ransomware such as LockBit and Babuk, causing considerable harm to victim systems.


Source: Malpedia (Fraunhofer FKIE).