KARAE

KARAE is a backdoor typically used by APT37 as first-stage malware. [1]

ID: S0215
Aliases: KARAE
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

| Name | Description |
|------|-------------|
| KARAE | [1] |

Techniques Used

| Domain | ID | Name | Use |
|--------|----|------|-----|
| Enterprise | T1189 | Drive-by Compromise | KARAE was distributed through torrent file-sharing websites to South Korean victims, using a YouTube video downloader application as a lure.[1] |
| Enterprise | T1105 | Remote File Copy | KARAE can upload and download files, including second-stage malware.[1] |
| Enterprise | T1082 | System Information Discovery | KARAE can collect system information.[1] |
| Enterprise | T1102 | Web Service | KARAE can use public cloud-based storage providers for command and control.[1] |

Groups

Groups that use this software:

APT37

References