Names | Krasue | |
Category | Malware | |
Type | Rootkit, Backdoor, Info stealer | |
Description | (Group-IB) Earlier this year, the Group-IB Threat Intelligence unit uncovered a Linux Remote Access Trojan (RAT) that has managed to fly under the radar for a long time. Group-IB researchers discovered that this malware, which was first registered on Virustotal in 2021, has almost exclusively been used against organizations in Thailand. At the time of writing, Group-IB researchers can confirm that Krasue was used against telecommunications companies, although it has likely been leveraged in attacks against organizations in other verticals as well. Owing to the fact that Thai companies were exclusively targeted, Group-IB has decided to call this RAT Krasue, a nod to the Thai name of a nocturnal native spirit known throughout Southeast Asian folklore. Krasue, who is said to hover in the air above the ground and is driven by extreme hunger, poses a severe risk to critical systems and sensitive data given that it is able to grant attackers remote access to the targeted network. The malware also features rootkits embedded in the binary. | |
Information | <https://www.group-ib.com/blog/krasue-rat/> |
Last change to this tool card: 16 January 2024
Download this tool card in JSON format
Previous: KPortScan
Next: KRBanker
Changed | Name | Country | Observed | ||
Unknown groups | |||||
_[ Interesting malware not linked to an actor yet ]_ |
1 group listed (0 APT, 0 other, 1 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |