Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Orangeworm Kwampirs Trojan Detection
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The script tries to detect the Orangeworm Kwampirs Trojan via various known Indicators of Compromise (IOC).
Insight
Insight
The Orangeworm group is using a repurposed Trojan called Kwampirs to set up persistent remote access after they infiltrate victim organizations. Kwampirs is not especially stealthy and can be detected using indicators of compromise and activity on the target system. The Trojan evades hash-based detection by inserting a random string in its main executable so its hash is different on each system. However, Kwampirs uses consistent services names, configuration files, and similar payload DLLs on the target machine that can be used to detect it.
Affected Software
Affected Software
All Windows Systems.
Solution
Solution
A whole cleanup of the infected system is recommended.