Prikormka

Malware Profile Updated 3 months ago
Download STIX
Preview STIX
Prikormka is a type of malware that was used in Operation Groundbait, a cyber threat campaign that took place between 2008 and 2016. The malware is typically deployed through a dropper contained within malicious email attachments and has 13 different components designed to harvest various types of data from compromised machines. Over the years, Prikormka has been connected to other Advanced Persistent Threat (APT) activities including Operation BugDrop and PowerMagic. In recent research, Kaspersky experts found multiple similarities between Prikormka and two other malwares: CommonMagic and CloudWizard. These similarities include the same name format for files uploaded to the C2 server, similar order of extensions used in extension lists, and identical format string for directory listings. Additionally, several modules of CloudWizard resemble those from Prikormka and BugDrop, although they have been rewritten from C to C++. Based on these findings, Kaspersky experts have concluded that the malicious campaigns of Prikormka, Operation Groundbait, Operation BugDrop, CommonMagic, and CloudWizard may all be attributed to the same active threat actor. This suggests an ongoing threat from a single source that has evolved its tactics and tools over time, but retained certain identifiable characteristics. This information can be crucial in developing defenses against these persistent threats.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Cloudwizard
2
CloudWizard is a sophisticated malware discovered in May 2023, allegedly developed by an unidentified threat actor based in Ukraine. This malicious software has been linked to a broader set of cyber-attacks across the country, marking an evolution from its predecessors by exploiting well-known cloud
Commonmagic
2
CommonMagic is a malicious software framework that has been actively used since at least September 2021 to target government, agriculture, and transportation organizations located in the Donetsk, Lugansk, and Crimea regions. It was developed by an APT group linked to the Russo-Ukrainian conflict and
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Malware
Loader
Kaspersky
Skype
Dropper
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
PowermagicUnspecified
1
PowerMagic is a sophisticated malware, also known as DBoxShell, that has been linked to a series of advanced persistent threat (APT) activities. This malicious software was identified by Kaspersky researchers who traced its connections to previous APT activities such as Operation Groundbait, the Pri
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Prikormka Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
IT threat evolution in Q2 2023 – GIXtools
CERT-EU
a year ago
IT threat evolution Q2 2023
CERT-EU
a year ago
Anomali Cyber Watch: CloudWizard Targets Both Sides in Ukraine, Camaro Dragon Trojanized ​​TP-Link Firmware, RA Group Ransomware Copied Babuk
CERT-EU
a year ago
Kaspersky: la campagna APT CommonMagic estende il suo raggio d’azione | Il corriere della sicurezza
CERT-EU
a year ago
La campagne APT CommonMagic élargit son champ d'action à l'Ukraine centrale et occidentale – Global Security Mag Online
CERT-EU
a year ago
La campagne APT CommonMagic élargit son champ d'action à l'Ukraine centrale et occidentale – Global Security Mag Online
CERT-EU
a year ago
Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade
CERT-EU
a year ago
CloudWizard APT: the bad magic story goes on - GIXtools
CERT-EU
a year ago
«Лаборатория Касперского» раскрыла новые подробности о кибератаках CommonMagic
DARKReading
a year ago
CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine
CERT-EU
a year ago
CloudWizard и CommonMagic: новые оружия кибервойны