IBM Security X-Force spotted the information-stealing malware named Corebot. The Corebots author included the ability to add plugins to the malware in order to incorporate more features. We were able to find domains registered using the email address drake.lampado777@gmail[.]com. One was used as a Carberp C&C and the two others hosts a TVSPY C &C. The shop is not an online shop to buy bitcoin, but an online store to buy lists of Socket Secure (socks) proxies and personally identifiable information.”]
Source: https://informationsecuritybuzz.com/articles/stolen-information-using-corebot-sold-on-btcshop-cc/