Alias Description | Votes |
---|---|
APT34 is a possible alias for OilRig. APT34, a threat actor suspected to be linked to Iran, has been operational since at least 2014 and is involved in long-term cyber espionage operations largely focused on reconnaissance efforts. The group targets a variety of sectors including financial, government, energy, chemical, and telecommunic | 5 |
MuddyWater is a possible alias for OilRig. MuddyWater is an Advanced Persistent Threat (APT) actor that first surfaced in 2017, primarily targeting countries in the Middle East, Europe, and the USA. The group uses a range of techniques for its cyber-espionage activities, including PowerShell for execution, HTTP for C2 communications, and mal | 3 |
Siamesekitten is a possible alias for OilRig. Siamesekitten, also known as OilRig, APT34, Lyceum, Crambus, is a cyberespionage group believed to be based in Iran. Active since at least 2014, the group has been implicated in various hacking activities with malicious intent. Siamesekitten's operations have been linked to numerous other threat gro | 3 |
Crambus is a possible alias for OilRig. The Iranian Crambus espionage group, also known as OilRig, APT34, and other aliases, is a threat actor with extensive expertise in long-term cyber-espionage campaigns. In the most recent attack between February and September 2023, this group infiltrated an unnamed Middle Eastern government's network | 3 |
SUNBURST is a possible alias for OilRig. Sunburst is a sophisticated malware that was detected in a major supply chain attack in December 2020. The Sunburst backdoor has been tied to Kazuar, another malicious software, due to code resemblance, indicating its high level of complexity. This malware infiltrates systems, often without the user | 2 |
Lyceum is a possible alias for OilRig. Lyceum, also known as DEV-0133 and potentially linked to the OilRig group (aka APT34, Helix Kitten, Cobalt Gypsym, Crambus, or Siamesekitten), is a threat actor believed to be a Farsi-speaking entity active since 2018. It is suspected to be a subordinate element within Iran's Ministry of Intelligenc | 2 |
COBALT GYPSY is a possible alias for OilRig. Cobalt Gypsy, also known as APT34, Helix Kitten, Hazel Sandstorm, and OilRig, is an Iranian advanced persistent threat operation that has been active since at least 2014. This threat actor has a history of targeting sectors such as telecommunications, government, defense, oil, and financial services | 2 |
Helix Kitten is a possible alias for OilRig. Helix Kitten, also known as APT34, OilRig, Cobalt Gypsy, Hazel Sandstorm, and Crambus, is a threat actor believed to originate from Iran. The group has been tracked by various cybersecurity firms including FireEye, Symantec, and CrowdStrike, each using different names to identify the same entity. Th | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Sc5k Malware is associated with OilRig. SC5k is a malware developed by OilRig, first discovered in November 2021 during the group's Outer Space campaign. This malicious software acts as a vehicle to deploy a downloader called SampleCheck5000 (SC5k), which utilizes the Office Exchange Web Services (EWS) API to download additional tools for | Unspecified | 3 |
The Shark Malware is associated with OilRig. Shark is a malicious software (malware) deployed by the cyber threat group known as OilRig. In 2021, OilRig updated its DanBot backdoor and began deploying multiple new backdoors including Shark, Milan, and Marlin, as reported in the T3 2021 issue of the ESET Threat Report. This malware can infiltra | Unspecified | 2 |
The Marlin Malware is associated with OilRig. Marlin is a type of malware, or malicious software, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Marlin can steal personal information, disrupt operations, or even hold data | Unspecified | 2 |
The Samplecheck5000 Malware is associated with OilRig. SampleCheck5000 (SC5k) is a malicious software, or malware, developed as a lightweight downloader by OilRig. This malware is notable for its use of legitimate cloud service APIs such as Microsoft Graph OneDrive, Outlook, and the Office Exchange Web Services (EWS) for command and control (C&C) commun | Unspecified | 2 |
The SideTwist Malware is associated with OilRig. SideTwist is a malware variant discovered and named by Check Point Research during an investigation into a campaign led by the Iranian threat group APT34 (also known as OilRig). This new backdoor variant was used against what appeared to be a Lebanese target. The SideTwist backdoor, identified via i | Unspecified | 2 |
The DanBot Malware is associated with OilRig. DanBot is a malicious software (malware) written in C# using .NET Framework 2.0 that provides basic remote access capabilities. It was identified as part of the arsenal used by the cyber threat group, OilRig, and has been linked to other backdoors such as Solar, Shark, Milan, and Marlin. The malware | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Scarred Manticore Threat Actor is associated with OilRig. Scarred Manticore, also known as Storm-861, is a threat actor believed to be linked with Iran's Ministry of Intelligence and Security (MOIS). This group has been implicated in high-level espionage activities targeting organizations across the Middle East and beyond. The group's operations have been | Unspecified | 5 |
The Turla Threat Actor is associated with OilRig. Turla, a threat actor linked to Russia, is known for its sophisticated cyber espionage operations. The group has been associated with numerous high-profile attacks, often utilizing advanced backdoors and fileless malware for infiltration and persistence. Turla's tactics, techniques, and procedures ( | Unspecified | 3 |
The DarkHydrus Threat Actor is associated with OilRig. DarkHydrus, an Iranian threat group also known as Obscure Serpens, is a significant cybersecurity concern. Notable for its malicious activities, DarkHydrus has targeted government agencies and educational institutions in the Middle East since 2016, employing sophisticated techniques such as DNS tunn | is related to | 2 |
The Elfin Threat Actor is associated with OilRig. Elfin, also known as APT33, Peach Sandstorm, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a threat actor group that has been active since at least 2013. This group has been associated with numerous cyber-espionage activities targeting various sectors including government, defense, satellite, oil, and | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Samplecheck5000 Sc5k Vulnerability is associated with OilRig. SampleCheck5000 (SC5k) is a vulnerability in software design or implementation, used by the threat group OilRig, also known as APT34, Helix Kitten, Cobalt Gypsym, Lyceum, Crambus, or Siamesekitten. This group has been linked to potential Iranian threat actors and is notorious for its sophisticated c | Unspecified | 2 |
Preview | Source Link | CreatedAt | Title |
---|---|---|---|
Trend Micro | 2 months ago | ||
Unit42 | 3 months ago | ||
DARKReading | 3 months ago | ||
ESET | 7 months ago | ||
Unit42 | 7 months ago | ||
DARKReading | 8 months ago | ||
Securelist | 8 months ago | ||
Fortinet | 8 months ago | ||
DARKReading | 9 months ago | ||
CERT-EU | a year ago | ||
DARKReading | a year ago | ||
ESET | a year ago | ||
DARKReading | a year ago | ||
CERT-EU | a year ago | ||
BankInfoSecurity | a year ago | ||
CERT-EU | a year ago | ||
DARKReading | a year ago | ||
CERT-EU | a year ago | ||
CERT-EU | a year ago | ||
CERT-EU | a year ago |