Are the 2011 and 2013 South Korean Cyberattacks Related?
2013-03-29 • Symantec
Symantec connects the 2013 Trojan.Jokra activity against South Korea with the earlier destructive campaigns of 2009 and 2011 by comparing malware families and supporting artifacts. Trojan.Jokra overwrote the MBR and disk contents, including mapped network drives, and was delivered through multiple vectors, including compromised patch-management systems. During the 2013 investigation, Backdoor.Prioxer.B was found on compromised systems and linked to Jokra through a low-prevalence packer, a shared downloader relationship, and related build-path strings under Z:\Work\Make Troy. The report treats the link between the 2011 and 2013 Prioxer samples as likely but not definitive; the shared build paths and the limited distribution of the packer point to a professional or organized operator rather than a publicly available toolchain.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH (MD5) | 50e03200c3a0becbf33b3788dac8cd46 | 2013-03-29 | 2013-04-24 |
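The artifacts the write-up leans on (the MD5 in the IOC table, the Z:\Work\Make Troy build-path prefix, and the MBR overwrite) translate directly into triage checks. The script below is an added example, not code from Symantec or from the report: it hashes a file against the IOC table, searches it for build paths under the reported prefix in both ASCII and UTF-16LE, and sanity-checks a raw 512-byte MBR for a boot signature and a usable partition entry. The sample blobs, the `sample.pdb` path suffix and the `make_mbr` helper are constructed for the example and are not real Jokra artifacts.

```python
"""Added triage helpers (example code, not part of the Symantec report).

Two checks that follow from the write-up above:
  1. file triage: MD5 against the IOC table and a search for the
     Z:\\Work\\Make Troy build-path prefix (ASCII and UTF-16LE);
  2. a sanity check on a raw 512-byte MBR, since Jokra overwrote the MBR.
All sample inputs below are constructed for the example.
"""
import hashlib
import struct

IOC_MD5 = {"50e03200c3a0becbf33b3788dac8cd46"}   # from the IOC table above
BUILD_PATH_PREFIX = "Z:\\Work\\Make Troy"        # build-path prefix from the report
MBR_SIZE = 512
PARTITION_TABLE_OFFSET = 446


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def find_build_paths(data: bytes) -> list[str]:
    """Return every build path starting with BUILD_PATH_PREFIX found in data.

    PDB paths in a PE debug directory are ASCII; the same string may also be
    embedded as UTF-16LE, so both encodings are searched.
    """
    found = []
    ascii_needle = BUILD_PATH_PREFIX.encode("ascii")
    pos = data.find(ascii_needle)
    while pos != -1:
        end = data.find(b"\x00", pos)          # C strings end at the first NUL
        if end == -1:
            end = len(data)
        found.append(data[pos:end].decode("ascii", "replace"))
        pos = data.find(ascii_needle, end)
    wide_needle = BUILD_PATH_PREFIX.encode("utf-16-le")
    pos = data.find(wide_needle)
    while pos != -1:
        end = pos                              # wide strings end at a double NUL
        while end + 1 < len(data) and data[end:end + 2] != b"\x00\x00":
            end += 2
        found.append(data[pos:end].decode("utf-16-le", "replace"))
        pos = data.find(wide_needle, end)
    return found


def triage_file(name: str, data: bytes) -> dict:
    """Hash the file against the IOC table and look for the build-path prefix."""
    digest = md5_hex(data)
    paths = find_build_paths(data)
    return {
        "name": name,
        "md5": digest,
        "ioc_hash_match": digest in IOC_MD5,
        "build_paths": paths,
        "suspicious": digest in IOC_MD5 or bool(paths),
    }


def mbr_status(sector: bytes) -> str:
    """Classify a raw MBR as 'ok', 'no_signature' or 'empty_partition_table'.

    A zeroed or overwritten MBR usually fails the 0x55AA boot-signature check;
    one that keeps the signature may still carry no usable partition entry.
    """
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        return "no_signature"
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        entry = sector[off:off + 16]
        status, ptype = entry[0], entry[4]
        sector_count = struct.unpack_from("<I", entry, 12)[0]
        if status in (0x00, 0x80) and ptype != 0 and sector_count != 0:
            return "ok"
    return "empty_partition_table"


# Constructed samples (not real malware): one blob carrying a hypothetical
# build path under the reported prefix, one clean blob.
SAMPLE_WITH_PATH = (b"MZ\x90\x00" + b"\x00" * 32
                    + b"Z:\\Work\\Make Troy\\sample\\Release\\sample.pdb\x00"
                    + b"\x00" * 16)
SAMPLE_CLEAN = b"MZ\x90\x00" + b"\x00" * 64


def make_mbr(bootable: bool) -> bytes:
    """Constructed MBR: one bootable NTFS-type entry plus signature, or all zeros."""
    sector = bytearray(MBR_SIZE)
    if bootable:
        entry = struct.pack("<BBBBBBBBII", 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF,
                            2048, 1 << 20)
        sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + 16] = entry
        sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    for name, blob in (("with_path.exe", SAMPLE_WITH_PATH), ("clean.exe", SAMPLE_CLEAN)):
        print(triage_file(name, blob))
    print("intact MBR:", mbr_status(make_mbr(True)))
    print("zeroed MBR:", mbr_status(make_mbr(False)))
```

Run it over the first sector of a suspect disk image (`open(img, "rb").read(512)`) and over the binaries pulled from the patch-management host; a build-path hit is a stronger lead than the MD5, since the hash only catches that one sample while the prefix survives recompilation.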