Okrum

Malware updated 7 months ago (2024-05-04T20:52:50.520Z)

Download STIX

Preview STIX

Okrum is a malware that belongs to the Ke3chang Group's arsenal of malicious tools. It is a sophisticated program designed to infiltrate computer systems and carry out harmful activities. Okrum has been identified as an evolution of the Flea backdoor named Ketrican, combining features from both Ketrican and another implant to create a new malware variant called Ketrum. The Ke3chang Group, also known as APT15, is responsible for the development and deployment of Okrum and other related malware. They have targeted diplomatic missions and organizations, aiming to gain unauthorized access, steal sensitive information, disrupt operations, and potentially hold data hostage for ransom. The group has utilized various custom backdoors and implants, including RoyalCLI, RoyalDNS, SilkBean (an Android spyware), Moonshine, and the merged form of Ketrican and Okrum, known as Ketrum. These advanced malware tools highlight the evolving nature of cyber threats and the constant adaptation of malicious actors. Organizations should remain vigilant against suspicious downloads, emails, and websites, as these can serve as entry points for malware infections. Implementing robust security measures, regularly updating software, and educating users about best practices for online safety are crucial in defending against threats like Okrum and mitigating the risks associated with such sophisticated malware attacks.

Description last updated: 2023-06-29T09:40:53.486Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Ketrican is a possible alias for Okrum. Ketrican is a type of malware, or malicious software, that was developed to exploit and damage computer systems. It's associated with the Ke3chang group and is known for its ability to infiltrate systems through suspicious downloads, emails, or websites. Once inside a system, Ketrican can steal pers	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Okrum Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor
CERT-EU	a year ago	Flea APT’s latest campaign targets foreign affairs ministries with new Graphican backdoor
Unit42	2 years ago	Chinese Playful Taurus Activity in Iran