
Test ID: 1.3.6.1.4.1.25623.1.0.107306
Category: Malware
Title: Orangeworm Kwampirs Trojan Detection
Summary: The script tries to detect the Orangeworm Kwampirs Trojan via various known Indicators of Compromise (IOC).
Description:
Summary:
The script tries to detect the Orangeworm Kwampirs Trojan via
various known Indicators of Compromise (IOC).

Vulnerability Insight:
The Orangeworm group is using a repurposed Trojan called
Kwampirs to set up persistent remote access after they infiltrate victim organizations. Kwampirs
is not especially stealthy and can be detected using indicators of compromise and activity on
the target system. The Trojan evades hash-based detection by inserting a random string in its
main executable so its hash is different on each system. However, Kwampirs uses consistent
service names, configuration files, and similar payload DLLs on the target machine that can be
used to detect it.

Vulnerability Impact:
Trojan.Kwampirs is a Trojan horse that may open a back door on
the compromised computer. It may also download potentially malicious files.

Affected Software/OS:
All Windows Systems.

Solution:
A complete cleanup of the infected system is recommended.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Copyright: Copyright (C) 2018 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.