Okrum

Malware Profile Updated 3 months ago
Okrum is a backdoor that belongs to the Ke3chang Group's arsenal of malicious tools. It is a sophisticated implant designed to infiltrate computer systems and carry out harmful activities. Okrum has been described as an evolution of the Flea backdoor named Ketrican; features from Ketrican and Okrum were later combined into a new malware variant called Ketrum.

The Ke3chang Group, also known as APT15, is responsible for the development and deployment of Okrum and related malware. The group has targeted diplomatic missions and organizations, aiming to gain unauthorized access, steal sensitive information, disrupt operations, and potentially hold data hostage for ransom. It has used a range of custom backdoors and implants, including RoyalCLI, RoyalDNS, SilkBean (an Android spyware), Moonshine, and Ketrum, the merged form of Ketrican and Okrum.

These tools illustrate how threat actors keep adapting their tooling. Organizations should remain vigilant against suspicious downloads, emails, and websites, as these can serve as entry points for infection. Robust security controls, timely software updates, and user education on safe online practices are essential in defending against threats like Okrum and reducing the risk posed by such sophisticated attacks.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Ketrican | 2 | Ketrican is a type of malware, or malicious software, that was developed to exploit and damage computer systems. It's associated with the Ke3chang group and is known for its ability to infiltrate systems through suspicious downloads, emails, or websites. Once inside a system, Ketrican can steal pers
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Spyware
Malware
Android
Implant
Associated Malware
ID | Type | Votes | Profile Description
graphican | Unspecified | 1 | Graphican is a novel malware developed by the Chinese threat actor group known as Flea, APT15, or Nickel. The malware, an evolution of the group's custom backdoor Ketrican, has been used in a series of cyber-attacks against foreign affairs ministries across Central and South America between late 202
Associated Threat Actors
ID | Type | Votes | Profile Description
Flea | Unspecified | 1 | Flea, also known as APT15 or Nickel, is a China-linked threat actor primarily targeting foreign affairs ministries in Central and South American countries. The group's latest campaign utilizes a novel backdoor named "Graphican," which is an evolution of their custom backdoor Ketrican. This new backd
Ke3chang | Unspecified | 1 | Ke3chang, also known as APT15, Mirage, Vixen Panda GREF, and Playful Dragon, is a prominent threat actor that has been active since at least 2010. According to the European Union Agency for Cybersecurity (ENISA), this group has consistently targeted energy, government, and military sectors. Ke3chang
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Okrum malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | a year ago | Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor
CERT-EU | a year ago | Flea APT's latest campaign targets foreign affairs ministries with new Graphican backdoor
Unit42 | a year ago | Chinese Playful Taurus Activity in Iran