| SYMBOL | COMMON_NAME | aka. SYNONYMS |
OilRig is an Iranian threat group operating primarily in the Middle East by targeting organizations in this region that are in a variety of different industries; however, this group has occasionally targeted organizations outside of the Middle East as well. It also appears OilRig carries out supply chain attacks, where the threat group leverages the trust relationship between organizations to attack their primary targets. OilRig is an active and organized threat group, which is evident based on their systematic targeting of specific organizations that appear to be carefully chosen for strategic purposes. Attacks attributed to this group primarily rely on social engineering to exploit the human rather than software vulnerabilities; however, on occasion this group has used recently patched vulnerabilities in the delivery phase of their attacks. The lack of software vulnerability exploitation does not necessarily suggest a lack of sophistication, as OilRig has shown maturity in other aspects of their operations. Such maturities involve: -Organized evasion testing used the during development of their tools. -Use of custom DNS Tunneling protocols for command and control (C2) and data exfiltration. -Custom web-shells and backdoors used to persistently access servers. OilRig relies on stolen account credentials for lateral movement. After OilRig gains access to a system, they use credential dumping tools, such as Mimikatz, to steal credentials to accounts logged into the compromised system. The group uses these credentials to access and to move laterally to other systems on the network. After obtaining credentials from a system, operators in this group prefer to use tools other than their backdoors to access the compromised systems, such as remote desktop and putty. OilRig also uses phishing sites to harvest credentials to individuals at targeted organizations to gain access to internet accessible resources, such as Outlook Web Access. Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissance aligned with the strategic interests of Iran. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries. Repeated targeting of Middle Eastern financial, energy and government organizations leads FireEye to assess that those sectors are a primary concern of APT34. The use of infrastructure tied to Iranian operations, timing and alignment with the national interests of Iran also lead FireEye to assess that APT34 acts on behalf of the Iranian government.
| 2024-11-21
⋅
Intrinsec
⋅
PROSPERO & Proton66: Uncovering the links between bulletproof networks Coper SpyNote FAKEUPDATES GootLoader EugenLoader |
| 2024-11-20
⋅
Intrinsec
⋅
PROSPERO & Proton66: Tracing Uncovering the links between bulletproof networks Coper SpyNote FAKEUPDATES GootLoader EugenLoader IcedID Matanbuchus Nokoyawa Ransomware Pikabot |
| 2024-10-11
⋅
Trend Micro
⋅
Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East STEALHOOK OilRig |
| 2024-10-11
⋅
Trend Micro
⋅
Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions STEALHOOK |
| 2024-10-08
⋅
Hunt.io
⋅
Inside a Cybercriminal’s Server: DDoS Tools, Spyware APKs, and Phishing Pages SpyNote |
| 2024-08-14
⋅
cyble
⋅
Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign pupy UTG-Q-010 |
| 2024-06-26
⋅
Group-IB
⋅
Craxs Rat, the master tool behind fake app scams and banking fraud CraxsRAT SpyMax SpyNote |
| 2024-06-20
⋅
Hunt.io
⋅
Caught in the Act: Uncovering SpyNote in Unexpected Places SpyNote |
| 2024-02-19
⋅
Fortinet
⋅
Android/SpyNote bypasses Restricted Settings + breaks many RE tools SpyNote |
| 2024-02-15
⋅
Fortinet
⋅
Android/SpyNote Moves to Crypto Currencies SpyNote |
| 2023-09-21
⋅
ESET Research
⋅
OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes Mango Solar |
| 2023-08-30
⋅
NSFOCUS
⋅
APT34 Unleashes New Wave of Phishing Attack with Variant of SideTwist Trojan SideTwist |
| 2023-07-31
⋅
Cleafy
⋅
SpyNote continues to attack financial institutions SpyNote |
| 2023-05-10
⋅
K7 Security
⋅
spynote SpyNote |
| 2023-02-02
⋅
Trend Micro
⋅
New APT34 Malware Targets The Middle East Karkoff RedCap Saitama Backdoor |
| 2023-01-05
⋅
Bleeping Computer
⋅
SpyNote Android malware infections surge after source code leak SpyNote |
| 2023-01-05
⋅
ThreatFabric
⋅
SpyNote: Spyware with RAT capabilities targeting Financial Institutions SpyMax SpyNote |
| 2023-01-04
⋅
K7 Security
⋅
Pupy RAT hiding under WerFault’s cover pupy |
| 2022-12-06
⋅
⋅
360 Threat Intelligence Center
⋅
Analysis of suspected APT-C-56 (Transparent Tribe) attacks against terrorism AhMyth Meterpreter SpyNote AsyncRAT |
| 2022-09-26
⋅
CrowdStrike
⋅
The Anatomy of Wiper Malware, Part 3: Input/Output Controls CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
| 2022-09-08
⋅
Microsoft
⋅
Microsoft investigates Iranian attacks against the Albanian government ZeroCleare |
| 2022-08-17
⋅
⋅
360
⋅
Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East SpyNote Loda Nanocore RAT NjRAT |
| 2022-08-12
⋅
CrowdStrike
⋅
The Anatomy of Wiper Malware, Part 1: Common Techniques Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
| 2022-08-10
⋅
K7 Security
⋅
spynote SpyNote |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Evasive Serpens TwoFace ISMAgent ISMDoor OopsIE RDAT OilRig |
| 2022-06-24
⋅
XJunior
⋅
APT34 - Saitama Agent Saitama Backdoor |
| 2022-06-20
⋅
⋅
Infinitum IT
⋅
Charming Kitten (APT35) LaZagne DownPaper MimiKatz pupy |
| 2022-06-15
⋅
Volexity
⋅
DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach pupy Sliver DriftingCloud |
| 2022-06-13
⋅
SANS ISC
⋅
Translating Saitama's DNS tunneling messages Saitama Backdoor |
| 2022-05-23
⋅
Trend Micro
⋅
Operation Earth Berberoka reptile oRAT Ghost RAT PlugX pupy Earth Berberoka |
| 2022-05-11
⋅
Fortinet
⋅
Please Confirm You Received Our APT Saitama Backdoor |
| 2022-05-10
⋅
Malwarebytes Labs
⋅
APT34 targets Jordan Government using new Saitama backdoor Saitama Backdoor |
| 2022-04-28
⋅
Fortinet
⋅
An Overview of the Increasing Wiper Malware Threat AcidRain CaddyWiper DistTrack DoubleZero EternalPetya HermeticWiper IsaacWiper Olympic Destroyer Ordinypt WhisperGate ZeroCleare |
| 2022-04-27
⋅
Trendmicro
⋅
IOCs for Earth Berberoka - Linux Rekoobe pupy Earth Berberoka |
| 2022-03-30
⋅
Recorded Future
⋅
Social Engineering Remains Key Tradecraft for Iranian APTs Liderc pupy |
| 2021-12-14
⋅
Recorded Future
⋅
Full Spectrum Detections for 5 Popular Web Shells: Alfa, SharPyShell, Krypton, ASPXSpy, and TWOFACE TwoFace |
| 2021-09-21
⋅
civilsphereproject
⋅
Capturing and Detecting AndroidTester Remote Access Trojan with the Emergency VPN SpyNote |
| 2021-06-16
⋅
⋅
Venustech
⋅
APT34 organization latest in-depth analysis report on attack activities Karkoff |
| 2021-04-21
⋅
Facebook
⋅
Taking Action Against Hackers in Palestine SpyNote Houdini NjRAT |
| 2021-04-08
⋅
Checkpoint
⋅
Iran’s APT34 Returns with an Updated Arsenal DNSpionage SideTwist TONEDEAF |
| 2021-02-28
⋅
PWC UK
⋅
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
| 2021-02-18
⋅
PTSecurity
⋅
https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/ Poet RAT Gravity RAT Ketrican Okrum OopsIE Remcos RogueRobinNET RokRAT SmokeLoader |
| 2020-12-10
⋅
Intel 471
⋅
No pandas, just people: The current state of China’s cybercrime underground Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT |
| 2020-12-01
⋅
Qianxin
⋅
Blade Eagle Group - Targeted attack group activities circling the Middle East and West Asia's cyberspace revealed SpyNote BladeHawk |
| 2020-11-27
⋅
PTSecurity
⋅
Investigation with a twist: an accidental APT attack and averted data destruction TwoFace CHINACHOPPER HyperBro MegaCortex MimiKatz |
| 2020-09-25
⋅
APT vs Internet Service Providers TwoFace RGDoor |
| 2020-09-15
⋅
CrowdStrike
⋅
Nowhere to Hide - 2020 Threat Hunting Report NedDnLoader RDAT TRACER KITTEN |
| 2020-07-22
⋅
Palo Alto Networks Unit 42
⋅
OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory RDAT OilRig |
| 2020-07-22
⋅
Threatpost
⋅
OilRig APT Drills into Malware Innovation with Unique Backdoor OilRig |
| 2020-07-15
⋅
Relativity
⋅
An in-depth analysis of SpyNote remote access trojan SpyNote |
| 2020-07-13
⋅
FireEye
⋅
SCANdalous! (External Detection Using Network Scan Data and Automation) POWERTON QUADAGENT PoshC2 |
| 2020-06-18
⋅
Australian Cyber Security Centre
⋅
Advisory 2020-008: Copy-Paste Compromises –tactics, techniques and procedures used to target multiple Australian networks TwoFace Cobalt Strike Empire Downloader |
| 2020-05-19
⋅
Symantec
⋅
Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia ISMAgent ISMDoor |
| 2020-03-31
⋅
Volexity
⋅
Storm Cloud Unleashed: Tibetan Focus of Highly Targeted Fake Flash Campaign SpyNote Stitch Godlike12 Storm Cloud |
| 2020-03-12
⋅
Recorded Future
⋅
Swallowing the Snake’s Tail: Tracking Turla Infrastructure TwoFace Mosquito |
| 2020-03-03
⋅
PWC UK
⋅
Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
| 2020-03-02
⋅
Yoroi
⋅
Karkoff 2020: a new APT34 espionage operation involves Lebanon Government Karkoff |
| 2020-03-02
⋅
Telsy
⋅
APT34 (aka OilRig, aka Helix Kitten) attacks Lebanon government entities with MailDropper implants Karkoff |
| 2020-02-13
⋅
Qianxin
⋅
APT Report 2019 Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy |
| 2020-01-30
⋅
Intezer
⋅
New Iranian Campaign Tailored to US Companies Utilizes an Updated Toolset TONEDEAF VALUEVAULT |
| 2020-01-23
⋅
Recorded Future
⋅
European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019 pupy pupy pupy |
| 2020-01-17
⋅
FireEye
⋅
State of the Hack: Spotlight Iran - from Cain & Abel to full SANDSPY QUADAGENT Fox Kitten |
| 2020-01-01
⋅
FireEye
⋅
Mandiant IR Grab Bag of Attacker Activity TwoFace CHINACHOPPER HyperBro HyperSSL |
| 2020-01-01
⋅
Secureworks
⋅
COBALT EDGEWATER DNSpionage Karkoff DNSpionage |
| 2020-01-01
⋅
Secureworks
⋅
COBALT GYPSY TwoFace MacDownloader BONDUPDATER pupy Helminth jason RGDoor TinyZbot OilRig |
| 2020-01-01
⋅
Secureworks
⋅
IRON HUNTER Agent.BTZ Cobra Carbon System LightNeuron Mosquito Nautilus Neuron Skipper Uroburos Turla |
| 2019-12-09
⋅
IBM Security
⋅
New Destructive Wiper “ZeroCleare” Targets Energy Sector in the Middle East ZeroCleare |
| 2019-11-20
⋅
ClearSky
⋅
MuddyWater Uses New Attack Methods in a Recent Attack Wave QUADAGENT RogueRobin |
| 2019-11-19
⋅
FireEye
⋅
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC POISONPLUG Poison Ivy pupy Quasar RAT ZXShell |
| 2019-11-09
⋅
NSFOCUS
⋅
APT34 Event Analysis Report BONDUPDATER DNSpionage |
| 2019-10-21
⋅
NCSC UK
⋅
Advisory: Turla group exploits Iranian APT to expand coverage of victims Nautilus Neuron |
| 2019-09-18
⋅
IronNet
⋅
Chirp of the PoisonFrog BONDUPDATER |
| 2019-08-22
⋅
Cyware
⋅
APT34: The Helix Kitten Cybercriminal Group Loves to Meow Middle Eastern and International Organizations TwoFace BONDUPDATER POWRUNER QUADAGENT Helminth ISMAgent Karkoff LONGWATCH OopsIE PICKPOCKET RGDoor VALUEVAULT |
| 2019-08-22
⋅
Github (n1nj4sec)
⋅
Pupy RAT pupy pupy pupy |
| 2019-07-18
⋅
FireEye
⋅
Hard Pass: Declining APT34’s Invite to Join Their Professional Network LONGWATCH PICKPOCKET TONEDEAF VALUEVAULT |
| 2019-07-08
⋅
SANS
⋅
Hunting Webshells: Tracking TwoFace TwoFace |
| 2019-06-06
⋅
APT34: Jason project jason |
| 2019-06-03
⋅
Twitter (@P3pperP0tts)
⋅
Tweet on APT34 jason |
| 2019-05-02
⋅
Marco Ramilli's Blog
⋅
APT34: Glimpse project BONDUPDATER |
| 2019-04-30
⋅
Palo Alto Networks Unit 42
⋅
Behind the Scenes with OilRig BONDUPDATER |
| 2019-04-30
⋅
ClearSky
⋅
Raw Threat Intelligence 2019-04-30: Oilrig data dump link analysis SpyNote OopsIE |
| 2019-04-23
⋅
Talos
⋅
DNSpionage brings out the Karkoff DNSpionage Karkoff DNSpionage |
| 2019-04-19
⋅
Medium
⋅
Hacking (Back) and Influence Operations BONDUPDATER |
| 2019-04-17
⋅
Malware Reversing Blog
⋅
The Dukes: 7 Years Of Russian Cyber-Espionage TwoFace BONDUPDATER DNSpionage |
| 2019-04-16
⋅
DNS Tunneling in the Wild: Overview of OilRig’s DNS Tunneling BONDUPDATER QUADAGENT Alma Communicator Helminth ISMAgent |
| 2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33 |
| 2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33 |
| 2019-02-13
⋅
Youtube (SANS Digital Forensics & Incident Response)
⋅
Hunting Webshells: Tracking TwoFace - SANS Threat Hunting Summit 2018 TwoFace |
| 2019-01-01
⋅
Council on Foreign Relations
⋅
APT 34 OilRig |
| 2019-01-01
⋅
MITRE
⋅
Group description: OilRig OilRig |
| 2019-01-01
⋅
Council on Foreign Relations
⋅
OilRig OilRig |
| 2018-12-21
⋅
FireEye
⋅
OVERRULED: Containing a Potentially Destructive Adversary POWERTON PoshC2 pupy |
| 2018-12-19
⋅
Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems OilRig |
| 2018-12-17
⋅
Twitter (@MJDutch)
⋅
Tweet on APT39 OilRig |
| 2018-12-14
⋅
Symantec
⋅
Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail DistTrack Filerase StoneDrill OilRig |
| 2018-12-14
⋅
Symantec
⋅
Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail OilRig |
| 2018-11-27
⋅
CrowdStrike
⋅
Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN OilRig |
| 2018-11-16
⋅
Palo Alto Networks Unit 42
⋅
Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery OilRig |
| 2018-09-14
⋅
NetScout
⋅
Tunneling Under the Sands BONDUPDATER |
| 2018-09-12
⋅
Palo Alto Networks Unit 42
⋅
OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government OilRig |
| 2018-09-12
⋅
Palo Alto Networks Unit 42
⋅
OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government BONDUPDATER |
| 2018-08-03
⋅
Github (Unit42)
⋅
OilRig Playbook OilRig |
| 2018-07-25
⋅
Palo Alto Networks Unit 42
⋅
OilRig Targets Technology Service Provider and Government Agency with QUADAGENT OilRig |
| 2018-07-07
⋅
Youtube (SteelCon)
⋅
You’ve Got Mail! TwoFace |
| 2018-04-20
⋅
Booz Allen Hamilton
⋅
Researchers Discover New variants of APT34 Malware BONDUPDATER POWRUNER |
| 2018-03-25
⋅
Vitali Kremez Blog
⋅
Let's Learn: Internals of Iranian-Based Threat Group "Chafer" Malware: Autoit and PowerShell Persistence OilRig |
| 2018-03-01
⋅
Nyotron
⋅
OilRig is Back with Next-Generation Tools and Techniques GoogleDrive RAT |
| 2018-02-23
⋅
Palo Alto Networks Unit 42
⋅
OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan OilRig |
| 2018-02-23
⋅
Palo Alto Networks Unit 42
⋅
OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan OopsIE |
| 2018-01-25
⋅
Palo Alto Networks Unit 42
⋅
OilRig uses RGDoor IIS Backdoor on Targets in the Middle East OilRig |
| 2018-01-17
⋅
NCSC UK
⋅
Turla group malware Nautilus Neuron |
| 2018-01-01
⋅
FireEye
⋅
M-TRENDS2018 APT35 OilRig |
| 2017-12-15
⋅
Palo Alto Networks Unit 42
⋅
Introducing the Adversary Playbook: First up, OilRig OilRig |
| 2017-12-11
⋅
Palo Alto Networks Unit 42
⋅
OilRig Performs Tests on the TwoFace Webshell TwoFace |
| 2017-12-07
⋅
FireEye
⋅
New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit OilRig |
| 2017-11-08
⋅
Palo Alto Networks Unit 42
⋅
OilRig Deploys “ALMA Communicator” – DNS Tunneling Trojan Alma Communicator |
| 2017-10-09
⋅
Palo Alto Networks Unit 42
⋅
OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan OilRig |
| 2017-09-26
⋅
Palo Alto Networks Unit 42
⋅
Striking Oil: A Closer Look at Adversary Infrastructure OilRig |
| 2017-08-28
⋅
ClearSky
⋅
Recent ISMAgent Samples and Infrastructure by Iranian Threat Group GreenBug ISMAgent |
| 2017-07-31
⋅
Palo Alto Networks Unit 42
⋅
TwoFace Webshell: Persistent Access Point for Lateral Movement TwoFace OilRig |
| 2017-07-12
⋅
Wired
⋅
Iranian Hackers Have Been Infiltrating Critical Infrastructure Companies OilRig |
| 2017-04-27
⋅
Morphisec
⋅
Iranian Fileless Attack Infiltrates Israeli Organizations Helminth OilRig |
| 2017-04-27
⋅
Morphisec
⋅
Iranian Fileless Attack Infiltrates Israeli Organizations OilRig |
| 2017-04-27
⋅
Palo Alto Networks Unit 42
⋅
OilRig Actors Provide a Glimpse into Development and Testing Efforts OilRig |
| 2017-04-24
⋅
⋅
CERT-IL
⋅
Wave attacks against government agencies, academia and business entities in Israel OilRig |
| 2017-02-16
⋅
SecurityAffairs
⋅
Iranian hackers behind the Magic Hound campaign linked to Shamoon pupy APT35 |
| 2017-02-15
⋅
Secureworks
⋅
Iranian PupyRAT Bites Middle Eastern Organizations pupy Cleaver |
| 2017-02-15
⋅
Forbes
⋅
Inside OilRig -- Tracking Iran's Busiest Hacker Crew On Its Global Rampage OilRig |
| 2017-02-15
⋅
Palo Alto Networks Unit 42
⋅
Magic Hound Campaign Attacks Saudi Targets Leash MPKBot pupy Rocket Kitten |
| 2017-02-10
⋅
⋅
JPCERT/CC
⋅
Malware that infects using PowerSploit pupy |
| 2017-01-05
⋅
ClearSky
⋅
Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford OilRig |
| 2017-01-05
⋅
ClearSky
⋅
Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford OilRig |
| 2016-11-30
⋅
Symantec
⋅
Shamoon: Back from the dead and destructive as ever OilRig |
| 2016-11-30
⋅
Symantec
⋅
Shamoon: Back from the dead and destructive as ever DistTrack OilRig |
| 2016-10-04
⋅
Palo Alto Networks Unit 42
⋅
OilRig Malware Campaign Updates Toolset and Expands Targets OilRig |
| 2016-10-04
⋅
Palo Alto Networks Unit 42
⋅
OilRig Malware Campaign Updates Toolset and Expands Targets Helminth |
| 2016-05-26
⋅
Palo Alto Networks Unit 42
⋅
The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor Helminth |
| 2016-05-26
⋅
Palo Alto Networks Unit 42
⋅
The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor OilRig |
| 2016-05-22
⋅
FireEye
⋅
Targeted Attacks against Banks in the Middle East Helminth OilRig |
| 2016-01-01
⋅
Palo Alto Networks Unit 42
⋅
Unit 42 Playbook Viewer OilRig |
| 2012-08-16
⋅
Symantec
⋅
The Shamoon Attacks OilRig |
| 2012-08-16
⋅
Symantec
⋅
The Shamoon Attacks DistTrack OilRig |