Krasue
Description
(Group-IB) Earlier this year, the Group-IB Threat Intelligence unit uncovered a Linux Remote Access Trojan (RAT) that has managed to fly under the radar for a long time. Group-IB researchers discovered that this malware, which was first registered on VirusTotal in 2021, has almost exclusively been used against organizations in Thailand. At the time of writing, Group-IB researchers can confirm that Krasue was used against telecommunications companies, although it has likely been leveraged in attacks against organizations in other verticals as well.
Owing to the fact that Thai companies were exclusively targeted, Group-IB has decided to call this RAT Krasue, a nod to the Thai name of a nocturnal native spirit known throughout Southeast Asian folklore. Krasue, who is said to hover in the air above the ground and is driven by extreme hunger, poses a severe risk to critical systems and sensitive data given that it is able to grant attackers remote access to the targeted network. The malware also features rootkits embedded in the binary.
Names
Name |
---|
Krasue |
Category
Malware
Type
- Rootkit
- Backdoor
- Info stealer
Information
Other Information
Uuid
c99594a6-b6a2-4037-9973-da077848c84a
Last Card Change
2024-01-16