Orangeworm
Orangeworm is a group that has targeted organizations in the healthcare sector in the United States, Europe, and Asia since at least 2015, likely for the purpose of corporate espionage. [1]
ID: G0071
Aliases: Orangeworm
Contributors: Elger Vinicius S. Rodrigues, @elgervinicius, CYBINT Centre
Version: 1.0
Alias Descriptions
Name | Description |
---|---|
Orangeworm | [1] |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1071 | Standard Application Layer Protocol | Orangeworm has used HTTP for C2.[2] |
Enterprise | T1077 | Windows Admin Shares | Orangeworm has copied its backdoor across open network shares, including ADMIN$, C$\WINDOWS, D$\WINDOWS, and E$\WINDOWS.[1] |
Software
References
- Symantec Security Response Attack Investigation Team. (2018, April 23). Orangeworm: Indicators of Compromise. Retrieved July 8, 2018.