ioc[.]one - OSINT Cyber Threat Intelligence Database

OilRig Malware Campaign Updates Toolset and Expands Targets

Tags

country:	Israel Saudi Arabia Qatar Turkey Yemen United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Non-Standard Port - T1509 Non-Standard Port - T1571 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	825d7f70-5d45-4d5b-8c0a-41af8260d9b0
Fingerprint	6484195bc091c381
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 4, 2016, 10:10 a.m.
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 12, 2024, 2:50 p.m.
Headline	OilRig Malware Campaign Updates Toolset and Expands Targets
Title	OilRig Malware Campaign Updates Toolset and Expands Targets
Detected Hints/Tags/Attributes	64/3/85

Source URLs

	Redirection	Url
Details	Source	http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/
Details	Source	https://unit42.paloaltonetworks.com/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com
Details	paloaltonetworks.com	researchcenter.paloaltonetworks.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	winodwsupdates.me
Details	Domain	4	go0gie.com
Details	Domain	4	update-kernal.net
Details	Domain	2	upgradesystems.info
Details	Domain	2	yahoooooomail.com
Details	Domain	2	googleupdate.download
Details	Domain	2	shalaghlagh.tk
Details	File	2	users.xls
Details	File	1	help-yemen.xls
Details	File	16	update.vbs
Details	File	5	dns.ps1
Details	File	2	fireeye.vbs
Details	File	1	fireeye.ps1
Details	File	2	upd.vbs
Details	File	3	dn.ps1
Details	File	1	komisova.vbs
Details	File	1	komisova.ps1
Details	File	2	counter.aspx
Details	File	2	sysupdate.aspx
Details	File	2	update-index.aspx
Details	File	1	upgrade-index.aspx
Details	File	56	update.php
Details	File	1	ok1.txt
Details	File	88	1.txt
Details	File	1	ok2.txt
Details	File	35	2.txt
Details	File	1	ok3.txt
Details	File	20	3.txt
Details	File	1	ok5.txt
Details	File	5	5.txt
Details	File	1	c:\windows\temp\t.txt
Details	File	1	ok7.txt
Details	File	5	7.txt
Details	File	1	ok11.txt
Details	File	4	11.txt
Details	sha256	1	f04cf9361cf46bff2f9d19617bba577ea5f3ad20ea76e1f7e159701e446364fc
Details	sha256	2	e2ec7fa60e654f5861e09bbe59d14d0973bd5727b83a2a03f1cecf1466dd87aa
Details	sha256	1	31db0841c3975be5395f13c894b7e444d150cc701487b756fff43ce78d98b1e6
Details	sha256	2	c3c17383f43184a29f49f166a92453a34be18e51935ddbf09576a60441440e51
Details	sha256	1	c6437f57a8f290b5ec46b0933bfa8a328b0cb2c0c7fbeea7f21b770ce0250d3d
Details	sha256	1	5a2c38be89ac878d28080a7465c4a3f8708fb414b811511b9d5ae61a47593a69
Details	sha256	2	bd0920c8836541f58e0778b4b64527e5a5f2084405f73ee33110f7bc189da7a9
Details	sha256	2	90639c7423a329e304087428a01662cc06e2e9153299e37b1b1c90f6d0a195ed
Details	sha256	1	528d432952ef879496542bc62a5a4b6eee788f60f220426bd7f933fa2c58dc6b
Details	sha256	1	3772d473a2fe950959e1fd56c9a44ec48928f92522246f75f4b8cb134f4713ff
Details	sha256	1	f3856c7af3c9f84101f41a82e36fc81dfc18a8e9b424a3658b6ba7e3c99f54f2
Details	sha256	2	0cd9857a3f626f8e0c07495a4799c59d502c4f3970642a76882e3ed68b790f8e
Details	sha256	1	80161dad1603b9a7c4a92a07b5c8bce214cf7a3df897b561732f9df7920ecb3e
Details	sha256	1	d874f513a032ccb6a5e4f0cd55862b024ea0bee4de94ccf950b3dd894066065d
Details	sha256	1	5e9ddb25bde3719c392d08c13a295db418d7accd25d82d020b425052e7ba6dc9
Details	sha256	1	299bc738d7b0292820d99028289280ba24d7fb985851d9c74060af7950cecef0
Details	sha256	1	2e226a0210a123ad828803eb871b74ecbdb702fc4babd9ff786231c486ff65e0
Details	sha256	1	f1de7b941817438da2a4b7284bc56c291db7312e3ba5e2397b3621811a816aa3
Details	sha256	1	65920eaea00764a245acb58a3565941477b78a7bcc9efaec5bf811573084b6cf
Details	sha256	1	742a52084162d3789e196fb5ff6f8e2983147cd914088bd5f9ed363d7a5b0df0
Details	sha256	1	4e5b85ea68bf8f2306b6b931810ae38c8dff3679d78da1af2c91032c36380353
Details	sha256	1	36d4b4b018ec78a79f3c06dc30ec77c250307628a7631f6b5b5995e797d0674f
Details	sha256	1	005dde45a6f1d9b2a254e71f89f12ab0dfaaa48d081f5c0a434800bd5c327086
Details	sha256	1	2c4bcab135bf1846684b598e66e3f51443f70f9e8d0544f3417774cbe907e8ef
Details	sha256	1	c4fbc723981fc94884f0f493cb8711fdc9da698980081d9b7c139fcffbe723da
Details	sha256	1	cffc694ace3e1547007ae00437536f2a88ba60179c51f23228e696fb02afdc86
Details	sha256	1	0b9437dd87a3c24ed7d200f9b870d69f9b7ad918c51325c11444df8bc6fb97ba
Details	sha256	2	903b6d948c16dc92b69fe1de76cf64ab8377893770bf47c29bf91f3fd987f996
Details	sha256	2	8bfbb637fe72da5c9aee9857ca81fa54a5abe7f2d1b061bc2a376943c63727c7
Details	sha256	1	9c0a33a5dc62933f17506f20e0258f877947bdcd15b091a597eac05d299b7471
Details	sha256	2	93940b5e764f2f4a2d893bebef4bf1f7d63c4db856877020a5852a6647cb04a0
Details	sha256	2	0ec288ac8c4aa045a45526c2939dbd843391c9c75fa4a3bcc0a6d7dc692fdcd1
Details	sha256	2	089bf971e8839db818ac462f53f82daed523c413bfc2e01fb76dd70b37162afe
Details	sha256	2	d808f3109822c185f1d8e1bf7ef7781c219dc56f5906478651748f0ace489d34
Details	sha256	2	3986d54b00647b507b2afd708b7a1ce4c37027fb77d67c6bc3c20c3ac1a88ca4
Details	sha256	3	1b2fee00d28782076178a63e669d2306c37ba0c417708d4dc1f751765c3f94e1
Details	sha256	3	662c53e69b66d62a4822e666031fd441bbdfa741e20d4511c6741ec3cb02475f
Details	sha256	3	f5a64de9087b138608ccf036b067d91a47302259269fb05b3349964ca4060e7e
Details	sha256	1	a787c0e42608f9a69f718f6dca5556607be45ec77d17b07eb9ea1e0f7bb2e064
Details	sha256	3	4b5112f0fb64825b879b01d686e8f4d43521252a3b4f4026c9d1d76d3f15b281
Details	sha256	1	3af6dfa4cebd82f48b6638a9757730810707d79d961dde1b72d3768e972e6184
Details	IPv4	2	83.142.230.138
Details	IPv4	1	87.117.204.143
Details	Url	1	http://winodwsupdates.me/counter.aspx?req=
Details	Url	1	http://go0gie.com/sysupdate.aspx?req=
Details	Url	1	http://update-kernal.net/update-index.aspx?req=
Details	Url	1	http://upgradesystems.info/upgrade-index.aspx?req=
Details	Url	1	http://yahoooooomail.com/update-index.aspx?req=
Details	Url	1	http://googleupdate.download/update-index.aspx?req=
Details	Url	1	http://83.142.230.138:7020/update.php?req=