APT / THREAT GROUP

Racket Downloader

2 aliases
Last seen: Mar 17, 2026

Intelligence Profile

Racket Downloader is an HTTP(S) downloader.

It uses a custom substitution cipher for decryption of its character strings, and RC5 with a 256-bit key for encryption and decryption of network traffic.

It sends an HTTP POST request containing a particular value that inspired its name, like "?product_field=racket" or "prd_fld=racket".

Racket Downloader was deployed against South Korean targets running the Initech INISAFE CrossWeb EX software in Q2 2021 and Q1 2022.
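
A detection sketch for the POST marker described above, added here as an example and not taken from Malpedia or CTIWATCH: it flags POST requests whose query string or form body carries `product_field=racket` or `prd_fld=racket`. The record layout, the `.example` hosts and the case-insensitive matching are assumptions, and the sample records are constructed.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names and value taken from the two examples quoted in the profile.
MARKER_PARAMS = {"product_field", "prd_fld"}
MARKER_VALUE = "racket"


def has_marker(encoded_pairs: str) -> bool:
    """True if a query string or form body carries <marker param>=racket."""
    # parse_qsl URL-decodes names and values, so %-encoded markers still match.
    pairs = parse_qsl(encoded_pairs, keep_blank_values=True)
    # Case-insensitive comparison is an assumption, not stated in the profile.
    return any(name.lower() in MARKER_PARAMS and value.lower() == MARKER_VALUE
               for name, value in pairs)


def is_racket_post(method: str, url: str, body: str = "") -> bool:
    """Flag HTTP POST requests whose URL query or form body has the marker."""
    if method.upper() != "POST":
        return False
    return has_marker(urlsplit(url).query) or has_marker(body)


# Constructed proxy records (method, URL, request body); hosts are placeholders.
SAMPLE_REQUESTS = [
    ("POST", "https://host-a.example/view.php?product_field=racket", "id=1"),
    ("POST", "https://host-b.example/up.asp", "uid=7&prd_fld=racket"),
    ("POST", "https://host-c.example/x?PRD_FLD=%72acket", ""),       # encoded value
    ("GET", "https://shop.example/list?product_field=racket", ""),   # not a POST
    ("POST", "https://shop.example/list?product_field=tennis", ""),  # other value
    ("POST", "https://shop.example/search", "q=prd_fld%3Dracket"),   # inside another value
]


def scan(requests):
    """Return the URLs of the records that match the profile's description."""
    return [url for method, url, body in requests
            if is_racket_post(method, url, body)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print("match:", hit)
```

The marker alone is a weak signal on networks that legitimately sell or discuss rackets, so treat a hit as a lead to correlate with the host and destination rather than as a verdict.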

Threat Analysis

Racket Downloader is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

win.racket, Racket Downloader

External Intelligence

Malpedia: win.racket

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.