Orangeworm | APT Profile

Description

[Orangeworm](https://attack.mitre.org/groups/G0071) is a group that has targeted organizations in the healthcare sector in the United States, Europe, and Asia since at least 2015, likely for the purpose of corporate espionage.(Citation: Symantec Orangeworm April 2018) Reverse engineering of [Kwampirs](https://attack.mitre.org/software/S0236), directly associated with [Orangeworm](https://attack.mitre.org/groups/G0071) activity, indicates significant functional and development overlaps with [Shamoon](https://attack.mitre.org/software/S0140).(Citation: Cylera Kwampirs 2022)

Techniques Used (TTPs)

T1071.001 — Web Protocols (command-and-control)
T1021.002 — SMB/Windows Admin Shares (lateral-movement)

Total TTPs: 2

Malware & Tools

Malware: Kwampirs

Tools: Arp, Net, Systeminfo, cmd, ipconfig, netstat, route

← Return to Home ← Back to APT Search