Analyzing OilRig's Ops Tempo from Testing to Weaponization to Delivery
Tags
attack-pattern: Data Direct Hidden Window - T1564.003 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Tool - T1588.002 Hidden Window - T1143 Powershell - T1086 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID d0464727-b242-45e9-b9f6-1bb9aed8794b
Fingerprint f4e5884bac250701
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 16, 2018, 6 a.m.
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline Analyzing OilRig's Ops Tempo from Testing to Weaponization to Delivery
Title Analyzing OilRig's Ops Tempo from Testing to Weaponization to Delivery
Detected Hints/Tags/Attributes 55/1/22
Source URLs
Redirection Url
Details Source https://unit42.paloaltonetworks.com/unit42-analyzing-oilrigs-ops-tempo-testing-weaponization-delivery/
URL Provider
Details Provider Source level domain
Details paloaltonetworks.com unit42.paloaltonetworks.com
Attributes
Details Type #Events CTI Value
Details Domain 5 
withyourface.com
Details Domain 372 
wscript.shell
Details File 3 
15.doc
Details File 1 
xls-withyourface.xls
Details File 4 
test.xls
Details File 1 
sss.xls
Details File 9 
copy.xls
Details File 2127 
cmd.exe
Details File 2 
apppool.ps1
Details File 3 
apppool.vbs
Details File 1209 
powershell.exe
Details sha256 3 
7cbad6b3f505a199d6766a86b41ed23786bbb99dab9cae6c18936afdc2512f00
Details sha256 1 
6f522b1be1f2b6642c292bb3fb57f523ebedeb04f0d18efa2a283e79f3689a9f
Details sha256 1 
9b6ebc44e4452d8c53c21b0fdd8311bac10dc672309b67d7f214fbd2a08962ce
Details sha256 1 
a5bec7573b743932329b794042f38571dd91731ae50757317bdaf9e820ec8d5e
Details sha256 1 
6719e80361950cdb10c4a4fcccc389c2a26eaab761c202870353fe65e8f954a3
Details sha256 1 
056ffc13a7a2e944f7ab8c99ea9a2d1b429bbafa280eb2043678aa8b259999aa
Details sha256 1 
216ffed357b5fe4d71848c79f77716e9ecebdd010666cdb9edaadf7a8c9ec576
Details sha256 1 
687027d966667780ab786635b0d4274b651f27d99717c5ba95e139e94ef114c3
Details sha256 1 
364e2884251c151a29071a5975ca0076405a8cc2bab8da3e784491632ec07f56
Details sha256 1 
66d678b097a2245f60f3d95bb608f3958aa0f5f19ca7e5853f38ea79885b9633
Details sha256 1 
70ff20f2e5c7fd90c6bfe92e28df585f711ee4090fc7669b3a9bd024c4e11702