Karkoff

Description

(Talos) In April, Cisco Talos identified an undocumented malware developed in .NET. On the analyzed samples, the malware author left two different internal names in plain text: ‘DropperBackdoor’ and ‘Karkoff.’ We decided to use the second name as the malware’s moniker, as it is less generic. The malware is lightweight compared to other malware due to its small size and allows remote code execution from the C2 server. There is no obfuscation and the code can be easily disassembled.

Names

  • Karkoff
  • MailDropper
  • DropperBackdoor
  • CACTUSPIPE
  • OILYFACE

Category

Malware

Type

  • Backdoor
  • Dropper

Information

Malpedia

AlienVault OTX

Other Information

UUID

330eed05-5332-4314-a9ef-ebe891bc3153

Last Card Change

2023-11-30