Intel Name: Cyber threat hunting in healthcare, file infectors, botnets
Date of Scan: March 25, 2025
Impact: High
Summary: “Cyber Threat Hunting in Healthcare, File Infectors, Botnets” expands on the initial investigation into Silver Fox, a Chinese threat actor abusing Philips DICOM viewers to deploy a backdoor trojan. In this follow-up, the analysis focuses on malware detection using VirusTotal (VT), leveraging threat intelligence sources like eyeInspect’s and REM’s default credentials lists, along with a database of common healthcare software names. The investigation identifies malware that masquerades as legitimate healthcare applications, exploits medical system credentials, and interacts with medical devices via protocols like DICOM and HL7, highlighting the growing threat of file infectors and botnets in healthcare environments.
