
Orangeworm

Orangeworm is a group that has targeted organizations in the healthcare sector in the United States, Europe, and Asia since at least 2015, likely for the purpose of corporate espionage.(Citation: Symantec Orangeworm April 2018) Reverse engineering of Kwampirs, directly associated with Orangeworm activity, indicates significant functional and development overlaps with Shamoon.(Citation: Cylera Kwampirs 2022)
ID: G0071
Associated Groups: 
Version: 2.0
Created: 17 Oct 2018
Last Modified: 10 Apr 2024

Techniques Used

Domain ID Name Use
Enterprise T1071.001 Application Layer Protocol: Web Protocols

Orangeworm has used HTTP for C2.(Citation: Symantec Orangeworm IOCs April 2018)

Enterprise T1021.002 Remote Services: SMB/Windows Admin Shares

Orangeworm has copied its backdoor across open network shares, including ADMIN$, C$\WINDOWS, D$\WINDOWS, and E$\WINDOWS.(Citation: Symantec Orangeworm April 2018)
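The lateral-movement pattern above (an executable pushed into ADMIN$ or a drive-letter share on many hosts) is observable in Windows Security auditing when "Audit Detailed File Share" is enabled, which produces Event ID 5145. The detector below is an added example, not code from the ATT&CK or SECURITM page; the key=value record layout, host names, addresses and file names are constructed stand-ins for real telemetry, and the thresholds are assumptions to tune locally.

```python
"""Flag executable writes to Windows administrative shares (added example).

Scans constructed records resembling Windows Security Event ID 5145
("A network share object was checked to see whether client can be granted
desired access") and reports executables written into ADMIN$ or C$/D$/E$...
shares. A source that does this against several distinct hosts is reported
as "spreading", which is the worm-like behaviour described for Orangeworm.
The key=value format is a simplified constructed rendering, not real EVTX.
"""
import re
from collections import defaultdict
from typing import Dict, List

# \\*\ADMIN$ or \\*\<drive letter>$ as Windows logs the share name.
ADMIN_SHARE = re.compile(r"^\\\\\*\\(ADMIN\$|[A-Z]\$)$", re.IGNORECASE)

# Extensions whose remote write into an admin share warrants a look (assumption).
SUSPICIOUS_EXT = (".exe", ".dll", ".bat", ".ps1", ".vbs")

# Access mask bits in 5145 events: 0x2 WriteData/AddFile, 0x4 AppendData.
WRITE_MASK = 0x2 | 0x4

# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    r"EventID=5145 Host=ws-01 Account=svc_backup Source=10.0.5.21 Share=\\*\C$ Target=WINDOWS\update_svc.exe AccessMask=0x2",
    r"EventID=5145 Host=fs-01 Account=jsmith Source=10.0.7.4 Share=\\*\Finance Target=Q3\budget.xlsx AccessMask=0x2",
    r"EventID=5145 Host=ws-02 Account=svc_backup Source=10.0.5.21 Share=\\*\ADMIN$ Target=System32\update_svc.exe AccessMask=0x2",
    r"EventID=5145 Host=ws-03 Account=jsmith Source=10.0.7.4 Share=\\*\C$ Target=WINDOWS\notepad.exe AccessMask=0x1",
    r"EventID=5145 Host=ws-03 Account=admin2 Source=10.0.9.9 Share=\\*\D$ Target=WINDOWS\helper.dll AccessMask=0x6",
    r"EventID=5140 Host=ws-04 Account=jsmith Source=10.0.7.4 Share=\\*\C$",
]

FIELD = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> Dict[str, str]:
    """Turn one key=value record into a dict (values contain no spaces here)."""
    return dict(FIELD.findall(line))


def is_admin_share_write(ev: Dict[str, str]) -> bool:
    """True when a 5145 event is a write of a suspicious file into an admin share."""
    if ev.get("EventID") != "5145":
        return False
    if not ADMIN_SHARE.match(ev.get("Share", "")):
        return False
    try:
        mask = int(ev.get("AccessMask", "0"), 16)
    except ValueError:
        return False
    if not mask & WRITE_MASK:
        return False  # read-only access to an admin share is routine admin work
    return ev.get("Target", "").lower().endswith(SUSPICIOUS_EXT)


def find_admin_share_writes(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per matching record, keeping the fields an analyst needs."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_admin_share_write(ev):
            hits.append({k.lower(): ev[k] for k in ("Host", "Source", "Account", "Share", "Target")})
    return hits


def spreading_sources(hits: List[Dict[str, str]], min_hosts: int = 2) -> List[str]:
    """Sources that wrote executables to admin shares on at least min_hosts distinct hosts."""
    hosts_by_source = defaultdict(set)
    for h in hits:
        hosts_by_source[h["source"]].add(h["host"])
    return sorted(src for src, hosts in hosts_by_source.items() if len(hosts) >= min_hosts)


if __name__ == "__main__":
    findings = find_admin_share_writes(SAMPLE_EVENTS)
    for f in findings:
        print(f"{f['source']} ({f['account']}) wrote {f['target']} to {f['share']} on {f['host']}")
    print("spreading sources:", spreading_sources(findings))
```

Single writes to an admin share are common for legitimate deployment tools, so the per-event findings are best treated as context and the "spreading" list (one source hitting several hosts) as the alert; tune `min_hosts` and `SUSPICIOUS_EXT` to the environment and exclude known software-distribution servers by source address.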

Software

ID Name References Techniques
S0039 Net (Citation: Microsoft Net Utility) (Citation: Savill 1999) (Citation: Symantec Orangeworm April 2018) Domain Account, Local Account, Domain Groups, System Service Discovery, Network Share Discovery, Additional Local or Domain Groups, SMB/Windows Admin Shares, Local Account, Domain Account, System Network Connections Discovery, Local Groups, Network Share Connection Removal, Password Policy Discovery, Remote System Discovery, Service Execution, System Time Discovery
S0100 ipconfig (Citation: Symantec Orangeworm April 2018) (Citation: TechNet Ipconfig) System Network Configuration Discovery
S0099 Arp (Citation: Symantec Orangeworm April 2018) (Citation: TechNet Arp) System Network Configuration Discovery, Remote System Discovery
S0104 netstat (Citation: Symantec Orangeworm April 2018) (Citation: TechNet Netstat) System Network Connections Discovery
S0096 Systeminfo (Citation: Symantec Orangeworm April 2018) (Citation: TechNet Systeminfo) System Information Discovery
S0106 cmd (Citation: Symantec Orangeworm April 2018) (Citation: TechNet Cmd) (Citation: TechNet Copy) (Citation: TechNet Del) (Citation: TechNet Dir) System Information Discovery, File and Directory Discovery, Lateral Tool Transfer, Windows Command Shell, File Deletion, Ingress Tool Transfer
S0103 route (Citation: Symantec Orangeworm April 2018) (Citation: TechNet Route) System Network Configuration Discovery
S0236 Kwampirs (Citation: Cylera Kwampirs 2022) (Citation: Symantec Orangeworm April 2018) System Owner/User Discovery, Rundll32, Encrypted/Encoded File, Local Account, Windows Service, Domain Groups, System Service Discovery, Network Share Discovery, System Information Discovery, Deobfuscate/Decode Files or Information, SMB/Windows Admin Shares, Binary Padding, System Network Configuration Discovery, File and Directory Discovery, Masquerade Task or Service, System Network Connections Discovery, Process Discovery, Local Groups, Password Policy Discovery, Remote System Discovery, Ingress Tool Transfer, Fallback Channels
