Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Orangeworm

Orangeworm is a group that has targeted organizations in the healthcare sector in the United States, Europe, and Asia since at least 2015, likely for the purpose of corporate espionage.(Citation: Symantec Orangeworm April 2018) Reverse engineering of Kwampirs, directly associated with Orangeworm activity, indicates significant functional and development overlaps with Shamoon.(Citation: Cylera Kwampirs 2022)
ID: G0071
Associated Groups: 
Version: 2.0
Created: 17 Oct 2018
Last Modified: 10 Apr 2024

Associated Group Descriptions

Name Description

Techniques Used

Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

Orangeworm has used HTTP for C2.(Citation: Symantec Orangeworm IOCs April 2018)

Enterprise T1021 .002 Remote Services: SMB/Windows Admin Shares

Orangeworm has copied its backdoor across open network shares, including ADMIN$, C$WINDOWS, D$WINDOWS, and E$WINDOWS.(Citation: Symantec Orangeworm April 2018)

Software

ID Name References Techniques
S0039 Net (Citation: Microsoft Net Utility) (Citation: Savill 1999) (Citation: Symantec Orangeworm April 2018) Password Policy Discovery, Domain Groups, System Time Discovery, Domain Account, Local Account, System Service Discovery, Remote System Discovery, Network Share Discovery, System Network Connections Discovery, Network Share Connection Removal, Service Execution, Local Account, Additional Local or Domain Groups, Local Groups, SMB/Windows Admin Shares, Domain Account
S0100 ipconfig (Citation: Symantec Orangeworm April 2018) (Citation: TechNet Ipconfig) System Network Configuration Discovery
S0099 Arp (Citation: Symantec Orangeworm April 2018) (Citation: TechNet Arp) Remote System Discovery, System Network Configuration Discovery
S0104 netstat (Citation: Symantec Orangeworm April 2018) (Citation: TechNet Netstat) System Network Connections Discovery
S0096 Systeminfo (Citation: Symantec Orangeworm April 2018) (Citation: TechNet Systeminfo) System Information Discovery
S0106 cmd (Citation: Symantec Orangeworm April 2018) (Citation: TechNet Cmd) (Citation: TechNet Copy) (Citation: TechNet Del) (Citation: TechNet Dir) File and Directory Discovery, Ingress Tool Transfer, System Information Discovery, File Deletion, Windows Command Shell, Lateral Tool Transfer
S0103 route (Citation: Symantec Orangeworm April 2018) (Citation: TechNet Route) System Network Configuration Discovery
S0236 Kwampirs (Citation: Cylera Kwampirs 2022) (Citation: Symantec Orangeworm April 2018) Domain Groups, Local Account, Network Share Discovery, Deobfuscate/Decode Files or Information, System Service Discovery, File and Directory Discovery, Encrypted/Encoded File, Windows Service, System Owner/User Discovery, Remote System Discovery, SMB/Windows Admin Shares, Binary Padding, Ingress Tool Transfer, System Information Discovery, Masquerade Task or Service, Rundll32, Process Discovery, System Network Connections Discovery, System Network Configuration Discovery, Password Policy Discovery, Fallback Channels, Local Groups

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.