{
	"id": "56eb6729-027e-4d1c-b3ac-84a4bf9dc814",
	"created_at": "2026-04-06T00:12:30.467116Z",
	"updated_at": "2026-04-10T13:12:33.985216Z",
	"deleted_at": null,
	"sha1_hash": "36a3ba4852ac75348d2e417358f3d58dc113b1f8",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46586,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 19:14:04 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Krasue\n Tool: Krasue\nNames Krasue\nCategory Malware\nType Rootkit, Backdoor, Info stealer\nDescription\n(Group-IB) Earlier this year, the Group-IB Threat Intelligence unit uncovered a Linux Remote\nAccess Trojan (RAT) that has managed to fly under the radar for a long time. Group-IB\nresearchers discovered that this malware, which was first registered on Virustotal in 2021, has\nalmost exclusively been used against organizations in Thailand. At the time of writing, Group-IB researchers can confirm that Krasue was used against telecommunications companies,\nalthough it has likely been leveraged in attacks against organizations in other verticals as well.\nOwing to the fact that Thai companies were exclusively targeted, Group-IB has decided to call\nthis RAT Krasue, a nod to the Thai name of a nocturnal native spirit known throughout\nSoutheast Asian folklore. Krasue, who is said to hover in the air above the ground and is\ndriven by extreme hunger, poses a severe risk to critical systems and sensitive data given that\nit is able to grant attackers remote access to the targeted network. The malware also features\nrootkits embedded in the binary.\nInformation Last change to this tool card: 16 January 2024\nDownload this tool card in JSON format\nAll groups using tool Krasue\nChanged Name Country Observed\nUnknown groups\n _[ Interesting malware not linked to an actor yet ]_\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c99594a6-b6a2-4037-9973-da077848c84a\nPage 1 of 2\n\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c99594a6-b6a2-4037-9973-da077848c84a\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c99594a6-b6a2-4037-9973-da077848c84a\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c99594a6-b6a2-4037-9973-da077848c84a"
	],
	"report_names": [
		"listgroups.cgi?u=c99594a6-b6a2-4037-9973-da077848c84a"
	],
	"threat_actors": [],
	"ts_created_at": 1775434350,
	"ts_updated_at": 1775826753,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/36a3ba4852ac75348d2e417358f3d58dc113b1f8.pdf",
		"text": "https://archive.orkl.eu/36a3ba4852ac75348d2e417358f3d58dc113b1f8.txt",
		"img": "https://archive.orkl.eu/36a3ba4852ac75348d2e417358f3d58dc113b1f8.jpg"
	}
}