OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 73d61022-40f6-4047-856a-0bfe34794d52 |
| Fingerprint | 6c0c09992ba5c109 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 9, 2017, 7 a.m. |
| Added to db | Sept. 26, 2022, 9:32 a.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan |
| Title | OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan |
| Detected Hints/Tags/Attributes | 84/4/59 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 269 | cve-2017-0199 |
|
| Details | CVE | 2 | cve-2017-1099 |
|
| Details | Domain | 1 | www.cdnakamaiplanet.com |
|
| Details | Domain | 1 | issue-doc.zip |
|
| Details | Domain | 1 | issue-doc1.zip |
|
| Details | Domain | 1 | issue.dot |
|
| Details | Domain | 36 | schemas.openxmlformats.org |
|
| Details | Domain | 2 | cdn.com |
|
| Details | Domain | 1 | index.dot |
|
| Details | Domain | 4 | msoffice-cdn.com |
|
| Details | Domain | 3 | office365-management.com |
|
| Details | Domain | 2 | msoffice365update.com |
|
| Details | Domain | 1 | red-gate.com |
|
| Details | Domain | 1 | cdnmsnupdate.com |
|
| Details | Domain | 1 | cdnakamaiplanet.com |
|
| Details | Domain | 4 | microsoft-publisher.com |
|
| Details | Domain | 1 | adpolioe.com |
|
| Details | Domain | 4 | ntpupdateserver.com |
|
| Details | File | 1 | issue-doc.zip |
|
| Details | File | 1 | issue-doc1.zip |
|
| Details | File | 1 | issue.doc |
|
| Details | File | 1 | issue.dot |
|
| Details | File | 2 | %appdata%\base.txt |
|
| Details | File | 2 | %public%\libraries\servicereset.exe |
|
| Details | File | 2 | servicereset.exe |
|
| Details | File | 1 | template.rtf |
|
| Details | File | 1 | index.dot |
|
| Details | File | 1 | %localappdata%\srvbs.txt |
|
| Details | File | 1 | %localappdata%\srvhealth.exe |
|
| Details | File | 1 | srvhealth.exe |
|
| Details | File | 1 | srvbs.txt |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 1 | inner.dll |
|
| Details | File | 4 | joiner.dll |
|
| Details | File | 103 | regasm.exe |
|
| Details | File | 1 | dynamiccallrunpe.cs |
|
| Details | File | 4 | aws.exe |
|
| Details | sha256 | 2 | 119c64a8b35bd626b3ea5f630d533b2e0e7852a4c59694125ff08f9965b5f9cc |
|
| Details | sha256 | 1 | 33c187cfd9e3b68c3089c27ac64a519ccc951ccb3c74d75179c520f54f11f647 |
|
| Details | sha256 | 1 | 74f61b6ff0eb58d76f4cacfb1504cb6b72684d0d0980d42cba364c6ef28223a8 |
|
| Details | sha256 | 1 | 66358a295b8b551819e053f2ee072678605a5f2419c1c486e454ab476c40ed6a |
|
| Details | sha256 | 1 | f92ab374edd488d85f2e113b40ea8cb8baf993f5c93c12455613ad3265f42b17 |
|
| Details | sha256 | 1 | fcad263d0fe2b418db05f47d4036f0b42aaf201c9b91281dfdcb3201b298e4f4 |
|
| Details | sha256 | 1 | 0ccb2117c34e3045a4d2c0d193f1963c8c0e8566617ed0a561546c932d1a5c0c |
|
| Details | sha256 | 2 | a9f1375da973b229eb649dc3c07484ae7513032b79665efe78c0e55a6e716821 |
|
| Details | sha256 | 1 | 963f93824d87a56fe91283652eab5841e2ec538c207091dbc9606b962e38805d |
|
| Details | IPv4 | 1 | 82.102.14.216 |
|
| Details | IPv4 | 3 | 82.102.14.222 |
|
| Details | IPv4 | 1 | 82.102.14.246 |
|
| Details | IPv4 | 1 | 74.91.19.122 |
|
| Details | IPv4 | 1 | 74.91.19.108 |
|
| Details | IPv4 | 3 | 185.162.235.121 |
|
| Details | IPv4 | 2 | 185.162.235.29 |
|
| Details | Pdb | 1 | c:\users\j-win-10\desktop\agent injector\policyconverter\inner\obj\release\inner.pdb |
|
| Details | Pdb | 1 | c:\users\j-win-10\desktop\agent injector\policyconverter\joiner\obj\release\joiner.pdb |
|
| Details | Url | 1 | http://schemas.openxmlformats.org/officedocument/2006/relationships/ole |
|
| Details | Url | 1 | http://www.msoffice |
|
| Details | Url | 1 | http://office365-management.com/updatejuly/template.rtf |
|
| Details | Url | 1 | http://82.102.14.246/webdav/aws.exe |