Kwampirs (d1e548b8-4793-11e8-8dea-6beff82cac0a)
Once Orangeworm has infiltrated a victim's network, it deploys Trojan.Kwampirs, a backdoor Trojan that gives the attackers remote access to the compromised computer. When executed, Kwampirs decrypts and extracts a copy of its main DLL payload from its resource section. Before writing the payload to disk, it inserts a randomly generated string into the middle of the decrypted payload so that each dropped copy has a different file hash, an attempt to evade hash-based detection.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Kwampirs (d1e548b8-4793-11e8-8dea-6beff82cac0a) | Tool | Kwampirs (2fc93875-eebb-41ff-a66e-84471c6cd5a3) | Malpedia | 1 |