win.okrum

Okrum

Actor(s): Mirage


a new, previously unknown backdoor that we named Okrum. The malicious actors behind the Okrum malware were focused on the same targets in Slovakia that were previously targeted by Ketrican 2015 backdoors.

References
2021-02-18 | PTSecurity | PTSecurity
https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/
Families: Poet RAT, Gravity RAT, Ketrican, Okrum, OopsIE, Remcos, RogueRobinNET, RokRAT, SmokeLoader

2020-11-03 | Kaspersky Labs | GReAT
APT trends report Q3 2020
https://securelist.com/apt-trends-report-q3-2020/99204/
Families: WellMail, EVILNUM, Janicab, Poet RAT, AsyncRAT, Ave Maria, Cobalt Strike, Crimson RAT, CROSSWALK, Dtrack, LODEINFO, MoriAgent, Okrum, PlugX, poisonplug, Rover, ShadowPad, SoreFang, Winnti

2020-05-21 | Intezer | Paul Litvak
The Evolution of APT15’s Codebase 2020
https://www.intezer.com/blog/research/the-evolution-of-apt15s-codebase-2020/
Families: Ketrican, Ketrum, Okrum

2019-07-18 | ESET Research | Zuzana Hromcová
Okrum: Ke3chang group targets diplomatic missions
https://www.welivesecurity.com/2019/07/18/okrum-ke3chang-targets-diplomatic-missions/
Families: Ketrican, Okrum

There is no Yara-Signature yet.