Is Aquila (Dmitry) from WASM Forum Community the Author of the Carberp Banking Malware?

The post Is Aquila (Dmitry) from WASM Forum Community the Author of the Carberp Banking Malware? appeared first on Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge.


Dear blog readers,
I recently did something very interesting and I decided to share my results and findings.
What I did was the following. While doing a technical collection round for malicious software I came across Carberp’s source, where I decided to take a peek and found some pretty interesting and relevant personally attributable IoCs (Indicators of Compromise), which led me to further pursue an OSINT enrichment process, which led me to believe and conclude that there’s a high probability that Aquila (Dmitry) from the WASM forum community could be one of the main authors of the Carberp banking trojan.
The most interesting part of this technical collection round, which then turned into IoC extraction and then OSINT enrichment based on the successfully found hardcoded IoCs in Carberp’s publicly accessible and leaked source code, is that I think I have managed to establish a direct connection between the hardcoded C&Cs and Aquila (Dmitry) from the WASM forum community.
Here’s the interesting part and the actual hardcoded C&C IoCs I found in Carberp’s publicly accessible source code:

hxxp://178.63.11.137 (Primary test C2)
hxxp://94.240.148.127 (Alt configuration node parsing `/cfg/passw.plug`)

Payload Drop Zones & Telemetry:
hxxp://apartman-adriana.com (http://…/temp/DrClient.dll) – Email: [email protected]
hxxp://56tgvr.info

We then have an interesting connection for one of the IoCs (hxxp://178.63.11.137), which appears to have been known to be responding to the email server for the WASM forum community, which based on additional analysis appears to have been managed and operated and actually owned by Aquila, also known as Dmitry (Email: [email protected]; [email protected]; hxxp://dimon.ru).
Related domain registrations for Aquila:
hxxp://symbolographia.com
hxxp://wasm.site
hxxp://posthumanism.info

Related screenshot:

*** This is a Security Bloggers Network syndicated blog from Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge authored by Dancho Danchev. Read the original post at: https://ddanchev.blogspot.com/2026/04/is-aquila-dmitry-from-wasm-forum.html
