Kwampirs

Description

Kwampirs is a malware family that spreads over SMB. It typically will not execute or deploy in environments that have no publicly available admin$ share. It is a fully featured backdoor that can download additional modules. Its C2 traffic typically runs over HTTP and includes ‘q=[ENCRYPTED DATA]’ in the URI.

Names

Name
Kwampirs

Category

Malware

Type

  • Backdoor
  • Worm

Information

Mitre Attack

Malpedia

Other Information

Uuid

2543f59c-c8b9-4316-b66a-a30945a2a701

Last Card Change

2020-04-23