【News】
◆Orangeworm Hackers Infect X-Ray and MRI Machines In Their Quest for Patient Data (BleepingComputer, 2018/04/23)
https://www.bleepingcomputer.com/news/security/orangeworm-hackers-infect-x-ray-and-mri-machines-in-their-quest-for-patient-data/
⇒ https://malware-log.hatenablog.com/entry/2018/04/23/000000_5
◆Healthcare-targeting malware "Kwampirs" spreads via medical devices and software updates (ITmedia, 2020/04/01 10:07)
https://www.itmedia.co.jp/enterprise/articles/2004/01/news066.html
⇒ https://malware-log.hatenablog.com/entry/2020/04/01/000000_7
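【Blogs】
◆New attack group "Orangeworm" identified targeting the healthcare industry in the U.S., Europe, and Asia (Symantec, 2018/04/23)
Symantec has confirmed that a new attack group called Orangeworm is spreading the Kwampirs backdoor in targeted attacks against the healthcare industry and related industries.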
https://www.symantec.com/connect/ja/blogs/orangeworm
⇒ https://malware-log.hatenablog.com/entry/2018/04/23/000000_4
◆New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia (Symantec, 2018/04/23)
https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia
⇒ https://malware-log.hatenablog.com/entry/2018/04/23/000000_4
◆Kwampirs threat actor continues to breach transnational healthcare orgs (HelpNetSecurity, 2020/03/31)
https://www.helpnetsecurity.com/2020/03/31/kwampirs/
⇒ https://malware-log.hatenablog.com/entry/2020/03/31/000000_7
【Documents】
◆Kwampirs Malware Indicators of Compromise Employed in Ongoing Cyber Supply Chain Campaign Targeting Global Industries (FBI, 2020/03/25)
https://isc.sans.edu/diaryimages/FLASH-CP-000111-MW_downgraded_version.pdf
⇒ https://malware-log.hatenablog.com/entry/2020/03/25/000000_6
◆YARA Rules to Identify Kwampirs Malware Employed in Ongoing Cyber Supply Chain Campaign Targeting Global Industries (FBI, 2020/03/25)
https://isc.sans.edu/diaryimages/FLASH-CP-000118-MW_downgraded_version.pdf
⇒ https://malware-log.hatenablog.com/entry/2020/03/25/000000_7
◆Kwampirs Malware Employed in Ongoing Cyber Supply Chain Campaign Targeting Global Industries, including Healthcare Sector Summary (SANS, 2020/03/30)
https://isc.sans.edu/diaryimages/Kwampirs_PIN_20200330-001.pdf
⇒ https://malware-log.hatenablog.com/entry/2020/03/30/000000_8
【Figures and Tables】
Command list
Source: https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia
【Related Information】
◆Industry: Healthcare (Summary)
https://malware-log.hatenablog.com/entry/Medical
【Related Summary Articles】
◆Targeted Attack Malware (Summary)
https://malware-log.hatenablog.com/entry/APT_Malware
◆Industry: Healthcare (Summary)
https://malware-log.hatenablog.com/entry/Medical