Question 1

What is S0439 — Okrum?

Accepted Answer

[Okrum](https://attack.mitre.org/software/S0439) is a Windows backdoor that has been seen in use since December 2016 with strong links to [Ke3chang](https://attack.mitre.org/groups/G0004).(Citation: ESET Okrum July 2019) Documented platforms: Windows. Attributed to ATT&CK group: Ke3chang.

Question 2

What is the authoritative source for S0439?

Accepted Answer

Okrum (S0439) is catalogued in MITRE ATT&CK Enterprise and curated for EU compliance use cases by SQUR.

S0439Okrum

Description

Platforms· 1

Attributed to1

References

Related by meaning· 6