PULSE NAME
OilRig uses ISMDoor variant; Possibly Linked to Greenbug Threat Group
WHITE OilRig AlienVault 2017-07-27 Modified: 2017-08-07
34 IOCs
MEDIUM VOLUME
Unit 42 has discovered activity involving the threat actors responsible for the OilRig campaign, with a potential link to a threat group known as Greenbug. Symantec first reported on this group in January 2017, detailing its operations and its use of a custom information-stealing Trojan called ISMDoor.
Indicators of Compromise (5 / 34 total)