Orangeworm is a threat group that has targeted organizations in the healthcare industry in the United States, Europe, and Asia since at least 2015, for the suspected purpose of corporate espionage.

This is a collection of rules based on the presence of indicators of compromise publicly reported as associated with this malicious actor.