Description
[Okrum](https://attack.mitre.org/software/S0439) is a Windows backdoor that has been seen in use since December 2016 with strong links to [Ke3chang](https://attack.mitre.org/groups/G0004).(Citation: ESET Okrum July 2019)
External References
Techniques Used by This Malware
- T1001 — Data Obfuscation
- T1001.003 — Protocol or Service Impersonation
- T1003.001 — LSASS Memory
- T1003.005 — Cached Domain Credentials
- T1016 — System Network Configuration Discovery
- T1027.003 — Steganography
- T1033 — System Owner/User Discovery
- T1036.004 — Masquerade Task or Service
- T1041 — Exfiltration Over C2 Channel
- T1049 — System Network Connections Discovery
- T1053.005 — Scheduled Task
- T1056.001 — Keylogging
- T1059.003 — Windows Command Shell
- T1070.004 — File Deletion
- T1071.001 — Web Protocols
- T1082 — System Information Discovery
- T1083 — File and Directory Discovery
- T1090.002 — External Proxy
- T1105 — Ingress Tool Transfer
- T1124 — System Time Discovery
- T1132.001 — Standard Encoding
- T1134.001 — Token Impersonation/Theft
- T1140 — Deobfuscate/Decode Files or Information
- T1497.001 — System Checks
- T1497.002 — User Activity Based Checks
- T1497.003 — Time Based Evasion
- T1543.003 — Windows Service
- T1547.001 — Registry Run Keys / Startup Folder
- T1547.009 — Shortcut Modification
- T1560.001 — Archive via Utility
- T1560.003 — Archive via Custom Method
- T1564.001 — Hidden Files and Directories
- T1569.002 — Service Execution
- T1573.001 — Symmetric Cryptography