ID | Votes | Profile Description |
---|---|---|
OilRig | 2 | OilRig is a well-known threat actor in the cybersecurity landscape, notorious for its sophisticated attacks on various targets, including Middle Eastern telecommunications organizations and Israel's critical infrastructure sector. This entity has been linked to several high-profile campaigns such as |
POLONIUM | 1 | Polonium is a threat actor group, believed to be based in Lebanon, that has been responsible for significant cyberattacks on Israel's operational technology (OT) and critical infrastructure. In December, Israel's National Cyber Directorate issued warnings that Polonium had targeted critical sectors |
Siamesekitten | 1 | Siamesekitten, also known as OilRig, APT34, Lyceum, or Crambus, is a threat actor group believed to be based in Iran. This cyberespionage entity has been active since at least 2014 and has targeted various organizations across the globe with malicious intent. The group is known for its sophisticated |

ID | Type | Votes | Profile Description |
---|---|---|---|
Shark | Unspecified | 1 | Shark is a type of malware, or malicious software, that was deployed by the cyber group OilRig. In 2021, OilRig updated its DanBot backdoor and began deploying the Shark, Milan, and Marlin backdoors, as highlighted in the T3 2021 issue of the ESET Threat Report. This harmful program can infiltrate s |
Milan | Unspecified | 1 | Milan is a malicious software, or malware, that was notably deployed by the cyber group OilRig in 2021. The group updated its DanBot backdoor and began deploying multiple backdoors including Shark, Milan, and Marlin. These backdoors were mentioned in the T3 2021 issue of the ESET Threat Report. Simi |
Sc5k | Unspecified | 1 | SC5k is a malware developed by OilRig, first discovered in November 2021 during the group's Outer Space campaign. This malicious software acts as a vehicle to deploy a downloader called SampleCheck5000 (SC5k), which utilizes the Office Exchange Web Services (EWS) API to download additional tools for |
adobereport.exe | Unspecified | 1 | None |
DanBot | Unspecified | 1 | DanBot is a malicious software (malware) written in C# using .NET Framework 2.0 that provides basic remote access capabilities. It was identified as part of the arsenal used by the cyber threat group, OilRig, and has been linked to other backdoors such as Solar, Shark, Milan, and Marlin. The malware |

ID | Type | Votes | Profile Description |
---|---|---|---|
Scarred Manticore | Unspecified | 1 | Scarred Manticore is a threat actor known for its malicious cyber activities, which have been observed in Albania in 2022 and Israel from 2023 to 2024. The group uses sophisticated techniques including a web shell-based version of the LIONTAIL shellcode loader and .NET payloads obfuscated similarly |
Crambus | Unspecified | 1 | The Iranian Crambus espionage group, also known as OilRig, APT34, and other aliases, is a threat actor with extensive expertise in long-term cyber-espionage campaigns. In the most recent attack between February and September 2023, this group infiltrated an unnamed Middle Eastern government's network |

ID | Type | Votes | Profile Description |
---|---|---|---|
Samplecheck5000 Sc5k | Unspecified | 1 | SampleCheck5000 (SC5k) is a vulnerability in software design or implementation, used by the threat group OilRig, also known as APT34, Helix Kitten, Cobalt Gypsy, Lyceum, Crambus, or Siamesekitten. This group has been linked to potential Iranian threat actors and is notorious for its sophisticated c |

Source | CreatedAt | Title |
---|---|---|
DARKReading | 7 months ago | Iran-Linked 'OilRig' Cyberattackers Target Israel's Critical Infrastructure, Over & Over |
CERT-EU | 9 months ago | Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign |
CERT-EU | 9 months ago | Secondary school in Meppel evacuated over possible threat |
CERT-EU | 9 months ago | APT trends report Q3 2023 |
MITRE | a year ago | Exposing POLONIUM activity and infrastructure targeting Israeli organizations - Microsoft Security Blog |
MITRE | a year ago | Who are Latest Targets of Cyber Group Lyceum \| Accenture |
MITRE | a year ago | Cyber Threat Group LYCEUM Takes Center Stage in Middle East Campaign |
MITRE | a year ago | Lyceum .NET DNS Backdoor \| Zscaler |