OilRig Deploys “ALMA Communicator” – DNS Tunneling Trojan
Unit 42 observed a new version of the Clayslide delivery document used to install a new custom Trojan whose developer calls “ALMA Communicator”.
Palo Alto Networks
OilRig attacks
OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group
New research from Unit 42: OilRig uses ISMDoor variant; possibly linked to Greenbug threat group.
OilRig Actors Provide a Glimpse into Development and Testing Efforts
Unit 42 researches the techniques used by attackers to avoid antivirus detection and successfully deliver OilRig campaign attacks.
OilRig Malware Campaign Updates Toolset and Expands Targets
Since our first published analysis of the OilRig campaign in May 2016 , we have continued to monitor this group for new activity. In recent weeks we've discovered that the group ha...
The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helmint...
In May 2016, Unit 42 observed targeted attacks primarily focused on financial institutions and technology organizations within Saudi Arabia. Artifacts...
Subscribe to the Blog!
Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.