NAME:
OilRig

Alias
Greenbug, Chrysene, Shamoon 2, Twisted Kitten, Cobalt Gypsy, PIPEFISH, OilRig

Description:
OilRig is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. Its targets span a variety of industries, including financial, government, energy, chemical, and telecommunications. The group appears to carry out supply chain attacks, leveraging the trust relationship between organizations to reach its primary targets. FireEye assesses that the group works on behalf of the Iranian government. The activity was previously tracked as two distinct groups, APT34 and OilRig, but the two were merged after additional reporting gave higher confidence that the activity overlapped.

References:
https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html
http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/
http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/
http://www.clearskysec.com/oilrig/
https://cert.gov.il/Updates/Alerts/SiteAssets/CERT-IL-ALERT-W-120.pdf
http://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/
http://blog.morphisec.com/iranian-fileless-cyberattack-on-israel-word-vulnerability
https://www.forbes.com/sites/thomasbrewster/2017/02/15/oilrig-iran-hackers-cyberespionage-us-turkey-saudi-arabia/#56749aa2468a
https://researchcenter.paloaltonetworks.com/2017/07/unit42-twoface-webshell-persistent-access-point-lateral-movement/
https://researchcenter.paloaltonetworks.com/2017/12/unit42-introducing-the-adversary-playbook-first-up-oilrig/
https://pan-unit42.github.io/playbook_viewer/
https://raw.githubusercontent.com/pan-unit42/playbook_viewer/master/playbook_json/oilrig.json
https://researchcenter.paloaltonetworks.com/2018/11/unit42-analyzing-oilrigs-ops-tempo-testing-weaponization-delivery/