Prikormka

Malware updated 4 months ago (2024-05-04T20:24:26.668Z)

Download STIX

Preview STIX

Prikormka is a type of malware that was used in Operation Groundbait, a cyber threat campaign that took place between 2008 and 2016. The malware is typically deployed through a dropper contained within malicious email attachments and has 13 different components designed to harvest various types of data from compromised machines. Over the years, Prikormka has been connected to other Advanced Persistent Threat (APT) activities including Operation BugDrop and PowerMagic. In recent research, Kaspersky experts found multiple similarities between Prikormka and two other malwares: CommonMagic and CloudWizard. These similarities include the same name format for files uploaded to the C2 server, similar order of extensions used in extension lists, and identical format string for directory listings. Additionally, several modules of CloudWizard resemble those from Prikormka and BugDrop, although they have been rewritten from C to C++. Based on these findings, Kaspersky experts have concluded that the malicious campaigns of Prikormka, Operation Groundbait, Operation BugDrop, CommonMagic, and CloudWizard may all be attributed to the same active threat actor. This suggests an ongoing threat from a single source that has evolved its tactics and tools over time, but retained certain identifiable characteristics. This information can be crucial in developing defenses against these persistent threats.

Description last updated: 2024-05-04T16:47:03.563Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Cloudwizard	2	CloudWizard is a malicious software (malware) that has been used in advanced persistent threat (APT) campaigns. First reported by Kaspersky in 2023, it has been linked to cyber warfare activities in the Russo-Ukrainian conflict area. The malware operates by infiltrating systems and performing harmfu
Commonmagic	2	CommonMagic is a malicious software framework that has been actively used since at least September 2021 to target government, agriculture, and transportation organizations located in the Donetsk, Lugansk, and Crimea regions. It was developed by an APT group linked to the Russo-Ukrainian conflict and

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Prikormka Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	IT threat evolution in Q2 2023 – GIXtools
CERT-EU	a year ago	IT threat evolution Q2 2023
CERT-EU	a year ago	Anomali Cyber Watch: CloudWizard Targets Both Sides in Ukraine, Camaro Dragon Trojanized TP-Link Firmware, RA Group Ransomware Copied Babuk
CERT-EU	a year ago	Kaspersky: la campagna APT CommonMagic estende il suo raggio d’azione \| Il corriere della sicurezza
CERT-EU	a year ago	La campagne APT CommonMagic élargit son champ d'action à l'Ukraine centrale et occidentale – Global Security Mag Online
CERT-EU	a year ago	La campagne APT CommonMagic élargit son champ d'action à l'Ukraine centrale et occidentale – Global Security Mag Online
CERT-EU	a year ago	Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade
CERT-EU	a year ago	CloudWizard APT: the bad magic story goes on - GIXtools
CERT-EU	a year ago	«Лаборатория Касперского» раскрыла новые подробности о кибератаках CommonMagic
DARKReading	a year ago	CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine
CERT-EU	a year ago	CloudWizard и CommonMagic: новые оружия кибервойны