Orangeworm
Overview
Orangeworm is a group that has targeted organizations in the healthcare sector in the United States, Europe, and Asia since at least 2015, likely for the purpose of corporate espionage. Reverse engineering of Kwampirs, directly associated with Orangeworm activity, indicates significant functional and development overlaps with Shamoon.
TTPs — 2 techniques across 2 tactics
Lateral Movement
- T1021.002 SMB/Windows Admin Shares
Command and Control
- T1071.001 Web Protocols
Tools & malware (8)
Kwampirs · netstat · Net · ipconfig · cmd · route · Arp · Systeminfo
Reporting (2)
- The link between Kwampirs (Orangeworm) and Shamoon APTs — Pablo Rincón Crespo
- New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia — Symantec Security Response Attack Investigation Team