Severity
High
Analysis Summary
A campaign has been uncovered that looks like the work of Iran-based APT group Helix Kitten, aka OilRig and APT34. Initial analysis of likely OilRig-related observables revealed a phishing campaign targeting the oil and gas sector, as well as several other manufacturing and technology companies. While much remains unknown about this newly identified campaign. The campaign circulates around the executable sent to the users and makes the initial access in the victim’s system.
Impact
- Credential theft
- Unauthorized Access
- Information theft and espionage
Indicators of Compromise
MD5
- 1858b880e23f1df3735f00719c2c28a3
- a90ae3747764127decae5a0d7856ef95
- e2919dea773eb0796e46e126dbce17b1
SHA-256
- cdf24afb558ca64ec69a9faf75e65143660fec8d15b239b0cf692908ace7f52b
- 08261ed40e21140eb438f16af0233217c701d9b022dce0a45b6e3e1ee2467739
- b46949feeda8726c0fb86d3cd32d3f3f53f6d2e6e3fcd6f893a76b8b2632b249
SHA-1
- a3223f56caaaa83d67f252dbf2d53a409a956b64
- 254e134490a0b74b3a66626fc0d62ff972cfc1a2
- 94aa7417f388c61a2d63ddcba6efec80c55f8555
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.