Oyun

Threat Actor Profile Updated 2 months ago
Download STIX
Preview STIX
Oyun is identified as a threat actor, a term used in cybersecurity to denote an entity that executes actions with malicious intent. This entity has been linked to a set of tools and scripts named after an individual called Yaser Balaghi, including Gholee, Woolger, MPK, and Oyun itself. The shift in preference from Oyun to Ishak scripts, which are substantially different, was observed in Fall 2015 when Rocket Kitten, another threat group, was the subject of multiple publications. These two sets of tools, one connected to Yaser Balaghi and the other to Flying Kitten, have come to define two distinct personalities within the "Rocket Kitten" group. In parallel, Oyun is also the name of Mongolian Prime Minister Oyun-Erdene Luvsannamsrai who has been actively involved in international diplomacy and strategic partnerships. Between August 2-6, Oyun-Erdene made his first official visit to the United States at the invitation of U.S. Vice President Kamala Harris. During this visit, Oyun-Erdene and his delegation met with various U.S. officials, including Secretary of State Antony Blinken and Secretary of Defense Lloyd Austin, marking the first time a Mongolian prime minister visited the Pentagon. This visit underscored Mongolia's increasing role in regional security matters and advanced economic ties between Mongolia and the United States. It is important to note that the two instances of 'Oyun' refer to distinct entities - one being a cybersecurity threat actor and the other being the Prime Minister of Mongolia. There is no evidence suggesting a connection between these two references. The threat actor Oyun's activities pertain to cyber espionage and potential data breaches, while Prime Minister Oyun-Erdene's activities relate to political diplomacy and strengthening international relations.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Rocket Kitten
1
Rocket Kitten is a recognized threat actor in the cybersecurity world, known for its malicious activities. This group was particularly active in 2016, using domains such as yahoo-drive.signin-useraccount-mail.com and yahoo-reset.signin-useraccount-mail.com to execute their operations. The group's mo
Flying Kitten
1
Flying Kitten is a threat actor that has been tracked and reported on since mid-January 2014, primarily by CrowdStrike Intelligence. The group first came to prominence in November 2013 with its cyber-attack using the domain xn--facebook-06k.com. It continued its malicious activities in March 2014 th
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Google
Spearphishing
Ukraine
Phishing
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
IshakUnspecified
1
Ishak is a threat actor that has been used in cyberattacks attributed to the group known as Rocket Kitten. This relationship became apparent around Fall 2015 when Rocket Kitten was the subject of multiple publications, and a shift in behavior was observed. The preference for Ishak scripts over anoth
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Oyun Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
6 months ago
President Tharman meets Chinese Premier Li Qiang, Ukraine President Zelensky in Davos
CERT-EU
a year ago
Mongolian government uses Google to strengthen its education initiatives
CERT-EU
10 months ago
OffSec’s Exploit Database Archive
CERT-EU
a year ago
GOM Player 2.3.90.5360 MITM / Remote Code Execution - KizzMyAnthia.com
CERT-EU
a year ago
Mongolian Prime Minister’s US Visit Marks Elevation of Mongolia’s Role in Indo-Pacific
MITRE
a year ago
Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code