Ketrum and Backdoor Recycling by Ke3chang APT

The Ke3chang hacking group has developed a new malware - Ketrum - by combining source codes and features from their older Okrum and Ketrican backdoors.

Evolutionary history


The samples discovered in 2019 combined features of the Okrum and Ketrican backdoors.
Two new samples were detected in 2019: one was similar to the 2018 Ketrican backdoor, and the other evolved from it.
The Ketrican samples found in 2018 were the most evolved Ketrican backdoors, adding an option to load a DLL to the conventional set of supported commands.


The threat actor


Ke3chang is an APT group, also known as Royal APT, Vixen Panda, APT15, and Playful Dragon, that has been operating since 2010. The group targets a vast range of sectors, including the oil and military sectors, along with European diplomatic organizations and government contractors.

What the experts are saying


The tools used by Ke3chang, such as Ketrican, Okrum, Mirage, Ketrum, and TidePool, serve the same purpose and differ only in a few attributes.
The group morphs its code and moves basic functionality between its several backdoors.

Worth noting


The IOCs related to the new backdoor ca ..