OilRig Análise
IOB - Indicator of Behavior (487)
Actividades
Interesse
Vulnerabilidades
IOC - Indicator of Compromise (20)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (21)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (157)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
| ID | Classe | Indicator | Tipo | Aceitação |
|---|---|---|---|---|
| 1 | File | /admin/index.php | predictive | Alto |
| 2 | File | /bdswebui/assignusers/ | predictive | Alto |
| 3 | File | /bin/goahead | predictive | Médio |
| 4 | File | /cgi-bin/luci | predictive | Alto |
| 5 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | Alto |
| 6 | File | /dev/dri/card1 | predictive | Alto |
| 7 | File | /forum/away.php | predictive | Alto |
| 8 | File | /GetCSSashx/?CP=%2fwebconfig | predictive | Alto |
| 9 | File | /HNAP1 | predictive | Baixo |
| 10 | File | /horde/util/go.php | predictive | Alto |
| 11 | File | /login.html | predictive | Médio |
| 12 | File | /proc/#####/fd/3 | predictive | Alto |
| 13 | File | /squashfs-root/www/HNAP1/control/SetWizardConfig.php | predictive | Alto |
| 14 | File | /uir/ | predictive | Baixo |
| 15 | File | /uncpath/ | predictive | Médio |
| 16 | File | /xpdf/Stream.cc | predictive | Alto |
| 17 | File | actions.hsp | predictive | Médio |
| 18 | File | adclick.php | predictive | Médio |
| 19 | File | xxx_xxxx_xxxx.xxx | predictive | Alto |
| 20 | File | xxxxx/xxxxxxxxx/ | predictive | Alto |
| 21 | File | xxxxx/xxxxx.xxx | predictive | Alto |
| 22 | File | xxx/xx | predictive | Baixo |
| 23 | File | xxxxxxx.xxx | predictive | Médio |
| 24 | File | xxxxxxx/xxxxxxxxxxx.x | predictive | Alto |
| 25 | File | xxxxx_xxx.xxx | predictive | Alto |
| 26 | File | xxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | Alto |
| 27 | File | xxxxx_xxxx.x | predictive | Médio |
| 28 | File | xxxxx.xxx | predictive | Médio |
| 29 | File | xxx-xxxx.xxx | predictive | Médio |
| 30 | File | xxxxxxx=xxxxxxxxxx&xxxx=xxxx&xxxxxxxxxxxxx=/ | predictive | Alto |
| 31 | File | xxxxx_xx_xxxx.xxx | predictive | Alto |
| 32 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | Alto |
| 33 | File | xxxxxx.xxx | predictive | Médio |
| 34 | File | xxxxxxx/xxxx/xxxxxx.x | predictive | Alto |
| 35 | File | xxxxxxx/xxx/xxxxxx/xxx-xxxxx-xxxxxxx.x | predictive | Alto |
| 36 | File | xxxxxxx/xxx/xxx.x | predictive | Alto |
| 37 | File | xxxxxxx/xxxx/xxxxxxxx/xxxxxxxx_xxx_xxxx.x | predictive | Alto |
| 38 | File | xxxxxxxx.x | predictive | Médio |
| 39 | File | xxxxx.xxx | predictive | Médio |
| 40 | File | xxxx/xxxxxxxxxx/xxxxxx-xxxxx.x | predictive | Alto |
| 41 | File | xxx_xx/xxx/xxx/xxxxxx_xxxxxxx.xxx | predictive | Alto |
| 42 | File | xxxx.xxx | predictive | Médio |
| 43 | File | xxxx.x | predictive | Baixo |
| 44 | File | xxx/xxxx/xxxx_xxxxxx.x | predictive | Alto |
| 45 | File | xxxxxxxx_xxxx.xxx | predictive | Alto |
| 46 | File | xxxxxxxxxxxxxxx.xxx | predictive | Alto |
| 47 | File | xxxxxxxxxxxxxxxx.xxx | predictive | Alto |
| 48 | File | xxxxxxxx.xxxx | predictive | Alto |
| 49 | File | xxxxxxx.x | predictive | Médio |
| 50 | File | xxxxx/xxxxxxxxxxxxxxx.xxx | predictive | Alto |
| 51 | File | xx/xxx/xxxxx.x | predictive | Alto |
| 52 | File | xxxxxxxxx.xxx | predictive | Alto |
| 53 | File | xxxxxxxxx/xxx_xxxx_xxxxxx.xxx | predictive | Alto |
| 54 | File | xxxxxx.xxx | predictive | Médio |
| 55 | File | xxxxxx/xxxxxxxxxxx | predictive | Alto |
| 56 | File | xxxx.xxx | predictive | Médio |
| 57 | File | xxxx.xxx | predictive | Médio |
| 58 | File | xxxxxxxxx/xxxxxx/xxxxxxx.xxx | predictive | Alto |
| 59 | File | x/x | predictive | Baixo |
| 60 | File | xxxxxx_xxxx.xxx | predictive | Alto |
| 61 | File | xxx/xxxxxx.xxx | predictive | Alto |
| 62 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | Alto |
| 63 | File | xxxxx.xxx | predictive | Médio |
| 64 | File | xx-xxx.x | predictive | Médio |
| 65 | File | xx_xxxxx/xxx_xxxx.x | predictive | Alto |
| 66 | File | xxxxxxxxxxxx/xxxxxx_xxxxx.xx | predictive | Alto |
| 67 | File | xxxxx.xxx | predictive | Médio |
| 68 | File | xxxxx.xxxx | predictive | Médio |
| 69 | File | xxxxx.xxx | predictive | Médio |
| 70 | File | xxx/xxx_xxx/xxxxxx/xxx_xxxxx.x | predictive | Alto |
| 71 | File | xxx/xxxxxxxxx/xxxxx_xxxx.x | predictive | Alto |
| 72 | File | xxx/xxxx/xxxxxx_xxx_xxxx.x | predictive | Alto |
| 73 | File | xxx_xxxx.x | predictive | Médio |
| 74 | File | xxxxx-xxxxx.x | predictive | Alto |
| 75 | File | xxxxxxxxx.xxx | predictive | Alto |
| 76 | File | xxxxx.xxx | predictive | Médio |
| 77 | File | xxxxxxxx.xx | predictive | Médio |
| 78 | File | xxxxxxxxxx.xxx | predictive | Alto |
| 79 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | Alto |
| 80 | File | xxx.xxx | predictive | Baixo |
| 81 | File | xxxxx.xxx | predictive | Médio |
| 82 | File | xxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxx%xxxxxxxxx/xxxxxxxxxxxxxx.xxxx | predictive | Alto |
| 83 | File | x/xxxxx.xxx | predictive | Médio |
| 84 | File | xxx_xxxx.x | predictive | Médio |
| 85 | File | xxx_xxxxxx.xxx | predictive | Alto |
| 86 | File | xxxxxxx/xxx_xxxx_xxx.xxx | predictive | Alto |
| 87 | File | xxx.xxx | predictive | Baixo |
| 88 | File | xxxxx.xxx | predictive | Médio |
| 89 | File | xxxx.x | predictive | Baixo |
| 90 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | Alto |
| 91 | File | xx-xxxxx/xxxxx.xxx | predictive | Alto |
| 92 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx_xxxxxxxx | predictive | Alto |
| 93 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxx-xxxxxxxxx-xxxxxxxx-xxxxxxxx | predictive | Alto |
| 94 | File | xx-xxxx.xxx | predictive | Médio |
| 95 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | Alto |
| 96 | File | xx-xxxxxxxx/xxxx.xxx | predictive | Alto |
| 97 | File | xx-xxxxxxxx/xxxx.xxx | predictive | Alto |
| 98 | File | xx-xxxxxxxxxxx.xxx | predictive | Alto |
| 99 | File | xxx_xxxxxx.x | predictive | Médio |
| 100 | File | xxx.xxxx | predictive | Médio |
| 101 | Library | /xxx/xxxx/xxxxx.x/xx-xxxx-xxxxxxx.xxxxx | predictive | Alto |
| 102 | Library | xxxxxx.xxx | predictive | Médio |
| 103 | Library | xxxxxxxxx/xxxxxxx_xxxxxxx.xxx.xxx | predictive | Alto |
| 104 | Argument | xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx: | predictive | Alto |
| 105 | Argument | xxxxxxxx | predictive | Médio |
| 106 | Argument | xxxxxx | predictive | Baixo |
| 107 | Argument | xx_xx | predictive | Baixo |
| 108 | Argument | xxxx/xxxx | predictive | Médio |
| 109 | Argument | xxxxx$xxxxxxxxxxxxxx$xxxxxxxxxxx | predictive | Alto |
| 110 | Argument | xxxx | predictive | Baixo |
| 111 | Argument | xxxxxx_xxxx_xxxx | predictive | Alto |
| 112 | Argument | xxxx | predictive | Baixo |
| 113 | Argument | xxxxxxxxx | predictive | Médio |
| 114 | Argument | xxxxxx_xxxxxx_xxxxx | predictive | Alto |
| 115 | Argument | xxxx_xx | predictive | Baixo |
| 116 | Argument | xxxxxxx | predictive | Baixo |
| 117 | Argument | xxxxxxx | predictive | Baixo |
| 118 | Argument | xxxx | predictive | Baixo |
| 119 | Argument | xxxxxxxx | predictive | Médio |
| 120 | Argument | xx | predictive | Baixo |
| 121 | Argument | xxxxxxxxx | predictive | Médio |
| 122 | Argument | xxxxx | predictive | Baixo |
| 123 | Argument | xxxx | predictive | Baixo |
| 124 | Argument | xxx_xxxxx_xxxxxxxx | predictive | Alto |
| 125 | Argument | xxx_xxxxxxxx | predictive | Médio |
| 126 | Argument | xxxxxxxxxxxxxxxxx | predictive | Alto |
| 127 | Argument | xxxxxxxx | predictive | Médio |
| 128 | Argument | xxxxxxxx | predictive | Médio |
| 129 | Argument | xxxxxx_xxxx | predictive | Médio |
| 130 | Argument | x_xxxxxxxx | predictive | Médio |
| 131 | Argument | xxxxxxxx | predictive | Médio |
| 132 | Argument | xxxxxxxxx | predictive | Médio |
| 133 | Argument | xxxxxxxxx | predictive | Médio |
| 134 | Argument | xxx | predictive | Baixo |
| 135 | Argument | xxxxx_xxxxxx | predictive | Médio |
| 136 | Argument | xxx-xxxxxxxxxx-xxxx | predictive | Alto |
| 137 | Argument | xxxxx | predictive | Baixo |
| 138 | Argument | xxxxxxxx/xxxxxx | predictive | Alto |
| 139 | Argument | xxx | predictive | Baixo |
| 140 | Argument | xxxx | predictive | Baixo |
| 141 | Argument | xxx | predictive | Baixo |
| 142 | Argument | xxxxxxxx | predictive | Médio |
| 143 | Argument | xxxx_xx | predictive | Baixo |
| 144 | Argument | x_xxxx | predictive | Baixo |
| 145 | Argument | xxxx_xxxx | predictive | Médio |
| 146 | Argument | xxxxxx_xxxxxxx_xxx | predictive | Alto |
| 147 | Input Value | ../ | predictive | Baixo |
| 148 | Input Value | ../../xxxxxxx.xxx | predictive | Alto |
| 149 | Input Value | ./../ | predictive | Baixo |
| 150 | Input Value | /../ | predictive | Baixo |
| 151 | Input Value | x">[xxx/xxxxxx=xxxxx(x)] | predictive | Alto |
| 152 | Input Value | xxxxxxx-xxxxxxxxxxx: xxxx-xxxx; xxxx="xx"[\x][\x][\x] | predictive | Alto |
| 153 | Input Value | xxxx://xxx.xxxxxx.xxx | predictive | Alto |
| 154 | Pattern | |xx|xx|xx| | predictive | Médio |
| 155 | Network Port | xxx/xx (xxx) | predictive | Médio |
| 156 | Network Port | xxx/xx (xxx) | predictive | Médio |
| 157 | Network Port | xxx xxxxxx xxxx | predictive | Alto |
Referências (8)
The following list contains external sources which discuss the actor and the associated activities:
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/OilRig
- xxxxx://xxx.xxxxxxxxxxx.xxx/xxxxxx.xxx?x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxx.xxx&x=xxxx
- xxxxx://xxx.xxxxxxxxxxx.xxx/xxxxxx.xxx?x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.xxx&x=xxxx
- xxxxx://xxx.xxxxxxxxxxx.xxx/xxxxxx.xxx?x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx.xxx&x=xxxx
- xxxxx://xxx.xxxxxxxxxxx.xxx/xxxxxx.xxx?x=xxxxxx!xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx&x=xxxx
- xxxxx://xxx.xxxxxxxxxxx.xxx/_xxxxxxx/xxxx/xxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxx%xx%xx%xxxxxxxxxxxxxxx.xxx#xxxxxx.xxxxxx=xxxxxxxx
- xxxxx://xxx.xxxxxxxxxxxxxx.xxx/xx/xxxx-xxxxxxxx/xxxxxx-xxxxxxxxxx-xxxxxxx-xxxxx-xxxxxxx-xxxxxxx-xxxxxxxxxxx/
- xxxxx://xxx.xxxxxxxxxxxxxx.xxx/xx/xxxx-xxxxxxxx/xxxxxxx-xxxxx-xxxxx-xxxxx-xxx-xxxx-xx-xxx-xxx-xxxxx-xxxxx/