Ketrican

Malware updated 7 months ago (2024-05-04T23:17:33.336Z)
Ketrican is a backdoor used by the Ke3chang group (also tracked as APT15, Vixen Panda, Nickel, Flea and Playful Dragon). Its lineage runs through several of the group's implants: it evolved from the earlier BS2005 backdoor, and its code was later combined with that of another Ke3chang implant, Okrum, to produce a hybrid dubbed Ketrum.

The latest step in that evolution is Graphican, an updated backdoor with essentially the same functionality as Ketrican. What sets Graphican apart is how it locates its command-and-control (C&C) infrastructure: it uses the Microsoft Graph API and OneDrive to obtain its C&C server details at run time. According to a Symantec report, the same technique has also been used by other threat groups, including APT28 and Bad Magic. Because Graphican's overlap with Ketrican makes attribution straightforward, researchers speculate that the group is not overly concerned about being identified.

Graphican is one of several recent reworkings of established toolsets, alongside Gallium's Linux backdoor Sword2033 and Winnti's Mélofée malware. Each is an evolution of a predecessor rather than a new family, which is why tracking lineage matters to defenders: coverage written for the original often carries over to the successor, while a change in the C&C mechanism (here, the move to a legitimate cloud API) is the part most likely to need new detection logic.
Description last updated: 2024-05-04T22:45:03.645Z
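The Graph API/OneDrive rendezvous described above is awkward to detect by destination alone, because the hosts involved are legitimate and heavily used. The Python below is an added example, not code from this page or from any published Ketrican/Graphican analysis: it runs a simple hunt over constructed proxy/EDR-style records and flags Graph/OneDrive connections initiated by processes outside an assumed allowlist. The log format, the host list and the process allowlist are all assumptions made for illustration.

```python
"""Added example: flag Microsoft Graph / OneDrive traffic from unexpected processes.

When an implant fetches its C&C details from legitimate Microsoft cloud services,
the destination hostname is not a usable indicator on its own. This hunt keys on
the process making the request instead. The log format, the host list and the
process allowlist are assumptions for this example, not artefacts from any sample.
"""
import re
from dataclasses import dataclass

# Service hostnames a Graph/OneDrive lookup would have to reach. Assumed, not exhaustive.
CLOUD_RENDEZVOUS_HOSTS = ("graph.microsoft.com", "onedrive.live.com", "api.onedrive.com")

# Processes that legitimately talk to these services in a managed Windows estate.
# Assumed baseline for illustration; derive the real list from your own telemetry.
EXPECTED_CLIENTS = {"onedrive.exe", "outlook.exe", "teams.exe", "msedge.exe", "officeclicktorun.exe"}

# Assumed proxy/EDR export format:
#   <ts> host=<name> user=<domain\user> proc="<image path>" dst=<fqdn>
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) proc="(?P<proc>[^"]+)" dst=(?P<dst>\S+)$'
)


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    user: str
    proc: str
    dst: str


def is_cloud_rendezvous_host(dst: str) -> bool:
    """Exact or subdomain match only; 'notgraph.microsoft.com' must not match."""
    d = dst.lower().rstrip(".")
    return any(d == h or d.endswith("." + h) for h in CLOUD_RENDEZVOUS_HOSTS)


def image_name(path: str) -> str:
    """Basename of a Windows or POSIX image path, lower-cased for comparison."""
    return re.split(r"[\\/]", path)[-1].lower()


def find_suspect_connections(lines):
    """Return connections to Graph/OneDrive hosts made by processes outside the allowlist."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed or unrelated record
        if is_cloud_rendezvous_host(m["dst"]) and image_name(m["proc"]) not in EXPECTED_CLIENTS:
            findings.append(Finding(m["ts"], m["host"], m["user"], m["proc"], m["dst"]))
    return findings


# Constructed sample records (not real telemetry). Two should fire: the binary under
# C:\Users\Public and the renamed tool in a temp directory. The svchost.exe record is
# a decoy for the hostname check: notgraph.microsoft.com is not a Graph endpoint.
SAMPLE_LOG = [
    '2024-05-04T10:01:02Z host=WS-17 user=CORP\\jdoe proc="C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe" dst=graph.microsoft.com',
    '2024-05-04T10:01:09Z host=WS-17 user=CORP\\jdoe proc="C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE" dst=graph.microsoft.com',
    '2024-05-04T10:03:41Z host=WS-17 user=CORP\\jdoe proc="C:\\Users\\Public\\Libraries\\update.exe" dst=graph.microsoft.com',
    '2024-05-04T10:05:00Z host=WS-22 user=CORP\\asmith proc="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" dst=www.example.com',
    '2024-05-04T10:07:13Z host=WS-22 user=CORP\\asmith proc="C:\\Windows\\Temp\\wab.exe" dst=api.onedrive.com',
    '2024-05-04T10:08:55Z host=WS-22 user=CORP\\asmith proc="C:\\Windows\\System32\\svchost.exe" dst=notgraph.microsoft.com',
    'garbage line that does not parse',
]


def main():
    for f in find_suspect_connections(SAMPLE_LOG):
        print(f"{f.ts} {f.host} {f.user} {f.proc} -> {f.dst}")


if __name__ == "__main__":
    main()
```

The allowlist is the weak point of this hunt: an implant injected into a browser or into OneDrive itself inherits the allowlisted image name, so treat this as a triage filter rather than a verdict and, where the proxy exposes it, pair it with identity context (Graph requests authenticated against a tenant or account that is not the organisation's own).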
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions between vendors are hard to track, so the names below are listed as possible aliases. Note that the description above treats BS2005, Okrum and Graphican as related implants in the same Ke3chang lineage (predecessor, merge partner and successor of Ketrican respectively) rather than as other names for the same family.
Alias (votes): description
- Graphican (2 votes): Graphican is a novel malware developed by the Chinese threat actor group known as Flea, APT15, or Nickel. The malware, an evolution of the group's custom backdoor Ketrican, has been used in a series of cyber-attacks against foreign affairs ministries across Central and South America between late 202...
- Okrum (2 votes): Okrum is a malware that belongs to the Ke3chang Group's arsenal of malicious tools. It is a sophisticated program designed to infiltrate computer systems and carry out harmful activities. Okrum has been identified as an evolution of the Flea backdoor named Ketrican, combining features from both Ketr...
- BS2005 (2 votes): BS2005 is a malicious software (malware) traditionally used by a cybercriminal group for harmful activities. The malware infiltrates systems via suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. BS2005, known as a backd...
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Associated Threat Actors
Threat actor (association type, votes): description
- Ke3chang (Unspecified, 2 votes): Ke3chang, also known as APT15, Mirage, Vixen Panda, GREF, and Playful Dragon, is a prominent threat actor that has been active since at least 2010. According to the European Union Agency for Cybersecurity (ENISA), this group has consistently targeted energy, government, and military sectors.
- APT15 (Unspecified, 2 votes): APT15, also known as Vixen Panda, Nickel, Flea, KE3CHANG, Royal APT, and Playful Dragon, is a threat actor group suspected to be of Chinese origin. The group targets global sectors including trade, economic and financial, energy, and military, aligning with the interests of the Chinese government.