 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: Karkoff| Names | Karkoff MailDropper DropperBackdoor CACTUSPIPE OILYFACE | |
| Category | Malware | |
| Type | Backdoor, Dropper | |
| Description | (Talos) In April, Cisco Talos identified an undocumented malware developed in .NET. On the analyzed samples, the malware author left two different internal names in plain text: 'DropperBackdoor' and 'Karkoff.' We decided to use the second name as the malware's moniker, as it is less generic. The malware is lightweight compared to other malware due to its small size and allows remote code execution from the C2 server. There is no obfuscation and the code can be easily disassembled. | |
| Information | <https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.karkoff> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:Karkoff> | |
Last change to this tool card: 30 November 2023
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
| DNSpionage |  | 2019-Apr 2019 | |||
| OilRig, APT 34, Helix Kitten, Chrysene | | 2014-Aug 2023 |  | ||
2 groups listed (2 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |