APT / THREAT GROUP
Racket Downloader
2
aliases
Last seen:Mar 17, 2026
Intelligence Profile
Racket Downloader is an HTTP(S) downloader.
It uses a custom substitution cipher for decryption of its character strings, and RC5 with a 256-bit key for encryption and decryption of network traffic.
It sends an HTTP POST request containing a particular value that inspired its name, like "?product_field=racket" or "prd_fld=racket".
Racket Downloader was deployed against South Korean targets running the Initech INISAFE CrossWeb EX software in Q2 2021 and Q1 2022.
Threat Analysis
Racket Downloader is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
win.racketRacket Downloader
External Intelligence
Malpedia: win.racketResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.