ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > List all tools > List all groups using tool KARAE

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: KARAE

TypeReconnaissance, Backdoor, Info stealer, Exfiltration
Description(FireEye) Karae backdoors are typically used as first-stage malware after an initial compromise. The backdoors can collect system information, upload and download files, and may be used to retrieve a second-stage payload. The malware uses public cloud-based storage providers for command and control.

In March 2016, KARAE malware was distributed through torrent file-sharing websites for South Korean users. During this campaign, the malware used a YouTube video downloader application as a lure.

Last change to this tool card: 23 April 2020

Download this tool card in JSON format

All groups using tool KARAE


APT groups

 Reaper, APT 37, Ricochet Chollima, ScarCruftNorth Korea2012-Mar 2022X

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]