Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 22:04:42 UTC
Home > List all groups > List all tools > List all groups using tool KRNRAT
 Tool: KRNRAT
Names KRNRAT
Category Malware
Type Backdoor, Tunneling, Exfiltration
Description
(Trend Micro) The other rootkit we found is called KRNRAT. It’s a full-featured backdoor
with various capabilities, including process manipulation, file hiding, shellcode execution,
traffic concealment, and C&C communication. We named this rootkit KRNRAT because of its
internal name, just as written in its PDB string.
Information <https://www.trendmicro.com/en_us/research/25/d/earth-kurma-apt-campaign.html>
Last change to this tool card: 27 June 2025
Download this tool card in JSON format
All groups using tool KRNRAT
Changed Name Country Observed
APT groups
  Earth Kurma 2020  
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=32e3be0f-b2cd-4591-bd73-e972f7f5d28d
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=32e3be0f-b2cd-4591-bd73-e972f7f5d28d
Page 1 of 1