The Ke3chang hacking group has added a new malware, dubbed Ketrum, to its arsenal. Ketrum borrows features from the group's older Ketrican and Okrum backdoors and reuses portions of code from its previous backdoors. The three Ketrum samples connected to the same China-based command and control (C&C) server and were used in two different time periods. Backdoor commands are determined by a hash value received from the C&C server.
Source: https://securityaffairs.co/wordpress/103903/apt/ke3chang-group-ketrum-backdoor.html

