Skip to content

Hide Navigation Hide TOC

KARAE (70ca8408-bc45-4d39-acd2-9190ba15ea97)

Karae backdoors are typically used as first-stage malware after an initial compromise. The backdoors can collect system information, upload and download files, and may be used to retrieve a second-stage payload. The malware uses public cloud-based storage providers for command and control. In March 2016, KARAE malware was distributed through torrent file-sharing websites for South Korean users. During this campaign, the malware used a YouTube video downloader application as a lure.

Cluster A Galaxy A Cluster B Galaxy B Level
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware KARAE (70ca8408-bc45-4d39-acd2-9190ba15ea97) Tool 1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware 2
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware Drive-by Compromise - T1189 (d742a578-d70e-4d0e-96a6-02a9c30204e6) Attack Pattern 2
KARAE - S0215 (3c02fb1f-cbdb-48f5-abaf-8c81d6e0c322) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 3