PULSE NAME
OilRig uses ISMDoor variant; Possibly Linked to Greenbug Threat Group
WHITE OilRig AlienVault 2017-07-27 Modified: 2017-08-07
34 IOCs
MEDIUM VOLUME
Unit 42 has discovered activity involving the threat actors responsible for the OilRig campaign, with a potential link to a threat group known as Greenbug. Symantec first reported on this group back in January 2017, detailing their operations and their use of a custom information-stealing Trojan called ISMDoor.
Indicators of Compromise (3 / 34 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 1ed20a72cc85f3d806deb1b3e12c5e1d 2017-08-04
FileHash-MD5 6a51881ec0d10466db41ccd45c14d54e 2017-08-04
FileHash-MD5 da4556f1697a9a7b5a8e7b0175b8be2a 2017-08-04