OilRig Análise
IOB - Indicator of Behavior (487)
Actividades
Interesse
Vulnerabilidades
IOC - Indicator of Compromise (20)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (21)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (157)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Classe | Indicator | Tipo | Aceitação |
---|---|---|---|---|
1 | File | /admin/index.php | predictive | Alto |
2 | File | /bdswebui/assignusers/ | predictive | Alto |
3 | File | /bin/goahead | predictive | Médio |
4 | File | /cgi-bin/luci | predictive | Alto |
5 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | Alto |
6 | File | /dev/dri/card1 | predictive | Alto |
7 | File | /forum/away.php | predictive | Alto |
8 | File | /GetCSSashx/?CP=%2fwebconfig | predictive | Alto |
9 | File | /HNAP1 | predictive | Baixo |
10 | File | /horde/util/go.php | predictive | Alto |
11 | File | /login.html | predictive | Médio |
12 | File | /proc/#####/fd/3 | predictive | Alto |
13 | File | /squashfs-root/www/HNAP1/control/SetWizardConfig.php | predictive | Alto |
14 | File | /uir/ | predictive | Baixo |
15 | File | /uncpath/ | predictive | Médio |
16 | File | /xpdf/Stream.cc | predictive | Alto |
17 | File | actions.hsp | predictive | Médio |
18 | File | adclick.php | predictive | Médio |
19 | File | xxx_xxxx_xxxx.xxx | predictive | Alto |
20 | File | xxxxx/xxxxxxxxx/ | predictive | Alto |
21 | File | xxxxx/xxxxx.xxx | predictive | Alto |
22 | File | xxx/xx | predictive | Baixo |
23 | File | xxxxxxx.xxx | predictive | Médio |
24 | File | xxxxxxx/xxxxxxxxxxx.x | predictive | Alto |
25 | File | xxxxx_xxx.xxx | predictive | Alto |
26 | File | xxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxx | predictive | Alto |
27 | File | xxxxx_xxxx.x | predictive | Médio |
28 | File | xxxxx.xxx | predictive | Médio |
29 | File | xxx-xxxx.xxx | predictive | Médio |
30 | File | xxxxxxx=xxxxxxxxxx&xxxx=xxxx&xxxxxxxxxxxxx=/ | predictive | Alto |
31 | File | xxxxx_xx_xxxx.xxx | predictive | Alto |
32 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | Alto |
33 | File | xxxxxx.xxx | predictive | Médio |
34 | File | xxxxxxx/xxxx/xxxxxx.x | predictive | Alto |
35 | File | xxxxxxx/xxx/xxxxxx/xxx-xxxxx-xxxxxxx.x | predictive | Alto |
36 | File | xxxxxxx/xxx/xxx.x | predictive | Alto |
37 | File | xxxxxxx/xxxx/xxxxxxxx/xxxxxxxx_xxx_xxxx.x | predictive | Alto |
38 | File | xxxxxxxx.x | predictive | Médio |
39 | File | xxxxx.xxx | predictive | Médio |
40 | File | xxxx/xxxxxxxxxx/xxxxxx-xxxxx.x | predictive | Alto |
41 | File | xxx_xx/xxx/xxx/xxxxxx_xxxxxxx.xxx | predictive | Alto |
42 | File | xxxx.xxx | predictive | Médio |
43 | File | xxxx.x | predictive | Baixo |
44 | File | xxx/xxxx/xxxx_xxxxxx.x | predictive | Alto |
45 | File | xxxxxxxx_xxxx.xxx | predictive | Alto |
46 | File | xxxxxxxxxxxxxxx.xxx | predictive | Alto |
47 | File | xxxxxxxxxxxxxxxx.xxx | predictive | Alto |
48 | File | xxxxxxxx.xxxx | predictive | Alto |
49 | File | xxxxxxx.x | predictive | Médio |
50 | File | xxxxx/xxxxxxxxxxxxxxx.xxx | predictive | Alto |
51 | File | xx/xxx/xxxxx.x | predictive | Alto |
52 | File | xxxxxxxxx.xxx | predictive | Alto |
53 | File | xxxxxxxxx/xxx_xxxx_xxxxxx.xxx | predictive | Alto |
54 | File | xxxxxx.xxx | predictive | Médio |
55 | File | xxxxxx/xxxxxxxxxxx | predictive | Alto |
56 | File | xxxx.xxx | predictive | Médio |
57 | File | xxxx.xxx | predictive | Médio |
58 | File | xxxxxxxxx/xxxxxx/xxxxxxx.xxx | predictive | Alto |
59 | File | x/x | predictive | Baixo |
60 | File | xxxxxx_xxxx.xxx | predictive | Alto |
61 | File | xxx/xxxxxx.xxx | predictive | Alto |
62 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | Alto |
63 | File | xxxxx.xxx | predictive | Médio |
64 | File | xx-xxx.x | predictive | Médio |
65 | File | xx_xxxxx/xxx_xxxx.x | predictive | Alto |
66 | File | xxxxxxxxxxxx/xxxxxx_xxxxx.xx | predictive | Alto |
67 | File | xxxxx.xxx | predictive | Médio |
68 | File | xxxxx.xxxx | predictive | Médio |
69 | File | xxxxx.xxx | predictive | Médio |
70 | File | xxx/xxx_xxx/xxxxxx/xxx_xxxxx.x | predictive | Alto |
71 | File | xxx/xxxxxxxxx/xxxxx_xxxx.x | predictive | Alto |
72 | File | xxx/xxxx/xxxxxx_xxx_xxxx.x | predictive | Alto |
73 | File | xxx_xxxx.x | predictive | Médio |
74 | File | xxxxx-xxxxx.x | predictive | Alto |
75 | File | xxxxxxxxx.xxx | predictive | Alto |
76 | File | xxxxx.xxx | predictive | Médio |
77 | File | xxxxxxxx.xx | predictive | Médio |
78 | File | xxxxxxxxxx.xxx | predictive | Alto |
79 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | Alto |
80 | File | xxx.xxx | predictive | Baixo |
81 | File | xxxxx.xxx | predictive | Médio |
82 | File | xxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxx%xxxxxxxxx/xxxxxxxxxxxxxx.xxxx | predictive | Alto |
83 | File | x/xxxxx.xxx | predictive | Médio |
84 | File | xxx_xxxx.x | predictive | Médio |
85 | File | xxx_xxxxxx.xxx | predictive | Alto |
86 | File | xxxxxxx/xxx_xxxx_xxx.xxx | predictive | Alto |
87 | File | xxx.xxx | predictive | Baixo |
88 | File | xxxxx.xxx | predictive | Médio |
89 | File | xxxx.x | predictive | Baixo |
90 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | Alto |
91 | File | xx-xxxxx/xxxxx.xxx | predictive | Alto |
92 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx_xxxxxxxx | predictive | Alto |
93 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxx-xxxxxxxxx-xxxxxxxx-xxxxxxxx | predictive | Alto |
94 | File | xx-xxxx.xxx | predictive | Médio |
95 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | Alto |
96 | File | xx-xxxxxxxx/xxxx.xxx | predictive | Alto |
97 | File | xx-xxxxxxxx/xxxx.xxx | predictive | Alto |
98 | File | xx-xxxxxxxxxxx.xxx | predictive | Alto |
99 | File | xxx_xxxxxx.x | predictive | Médio |
100 | File | xxx.xxxx | predictive | Médio |
101 | Library | /xxx/xxxx/xxxxx.x/xx-xxxx-xxxxxxx.xxxxx | predictive | Alto |
102 | Library | xxxxxx.xxx | predictive | Médio |
103 | Library | xxxxxxxxx/xxxxxxx_xxxxxxx.xxx.xxx | predictive | Alto |
104 | Argument | xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx: | predictive | Alto |
105 | Argument | xxxxxxxx | predictive | Médio |
106 | Argument | xxxxxx | predictive | Baixo |
107 | Argument | xx_xx | predictive | Baixo |
108 | Argument | xxxx/xxxx | predictive | Médio |
109 | Argument | xxxxx$xxxxxxxxxxxxxx$xxxxxxxxxxx | predictive | Alto |
110 | Argument | xxxx | predictive | Baixo |
111 | Argument | xxxxxx_xxxx_xxxx | predictive | Alto |
112 | Argument | xxxx | predictive | Baixo |
113 | Argument | xxxxxxxxx | predictive | Médio |
114 | Argument | xxxxxx_xxxxxx_xxxxx | predictive | Alto |
115 | Argument | xxxx_xx | predictive | Baixo |
116 | Argument | xxxxxxx | predictive | Baixo |
117 | Argument | xxxxxxx | predictive | Baixo |
118 | Argument | xxxx | predictive | Baixo |
119 | Argument | xxxxxxxx | predictive | Médio |
120 | Argument | xx | predictive | Baixo |
121 | Argument | xxxxxxxxx | predictive | Médio |
122 | Argument | xxxxx | predictive | Baixo |
123 | Argument | xxxx | predictive | Baixo |
124 | Argument | xxx_xxxxx_xxxxxxxx | predictive | Alto |
125 | Argument | xxx_xxxxxxxx | predictive | Médio |
126 | Argument | xxxxxxxxxxxxxxxxx | predictive | Alto |
127 | Argument | xxxxxxxx | predictive | Médio |
128 | Argument | xxxxxxxx | predictive | Médio |
129 | Argument | xxxxxx_xxxx | predictive | Médio |
130 | Argument | x_xxxxxxxx | predictive | Médio |
131 | Argument | xxxxxxxx | predictive | Médio |
132 | Argument | xxxxxxxxx | predictive | Médio |
133 | Argument | xxxxxxxxx | predictive | Médio |
134 | Argument | xxx | predictive | Baixo |
135 | Argument | xxxxx_xxxxxx | predictive | Médio |
136 | Argument | xxx-xxxxxxxxxx-xxxx | predictive | Alto |
137 | Argument | xxxxx | predictive | Baixo |
138 | Argument | xxxxxxxx/xxxxxx | predictive | Alto |
139 | Argument | xxx | predictive | Baixo |
140 | Argument | xxxx | predictive | Baixo |
141 | Argument | xxx | predictive | Baixo |
142 | Argument | xxxxxxxx | predictive | Médio |
143 | Argument | xxxx_xx | predictive | Baixo |
144 | Argument | x_xxxx | predictive | Baixo |
145 | Argument | xxxx_xxxx | predictive | Médio |
146 | Argument | xxxxxx_xxxxxxx_xxx | predictive | Alto |
147 | Input Value | ../ | predictive | Baixo |
148 | Input Value | ../../xxxxxxx.xxx | predictive | Alto |
149 | Input Value | ./../ | predictive | Baixo |
150 | Input Value | /../ | predictive | Baixo |
151 | Input Value | x">[xxx/xxxxxx=xxxxx(x)] | predictive | Alto |
152 | Input Value | xxxxxxx-xxxxxxxxxxx: xxxx-xxxx; xxxx="xx"[\x][\x][\x] | predictive | Alto |
153 | Input Value | xxxx://xxx.xxxxxx.xxx | predictive | Alto |
154 | Pattern | |xx|xx|xx| | predictive | Médio |
155 | Network Port | xxx/xx (xxx) | predictive | Médio |
156 | Network Port | xxx/xx (xxx) | predictive | Médio |
157 | Network Port | xxx xxxxxx xxxx | predictive | Alto |
Referências (8)
The following list contains external sources which discuss the actor and the associated activities:
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/OilRig
- xxxxx://xxx.xxxxxxxxxxx.xxx/xxxxxx.xxx?x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxx.xxx&x=xxxx
- xxxxx://xxx.xxxxxxxxxxx.xxx/xxxxxx.xxx?x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.xxx&x=xxxx
- xxxxx://xxx.xxxxxxxxxxx.xxx/xxxxxx.xxx?x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx.xxx&x=xxxx
- xxxxx://xxx.xxxxxxxxxxx.xxx/xxxxxx.xxx?x=xxxxxx!xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx&x=xxxx
- xxxxx://xxx.xxxxxxxxxxx.xxx/_xxxxxxx/xxxx/xxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxx%xx%xx%xxxxxxxxxxxxxxx.xxx#xxxxxx.xxxxxx=xxxxxxxx
- xxxxx://xxx.xxxxxxxxxxxxxx.xxx/xx/xxxx-xxxxxxxx/xxxxxx-xxxxxxxxxx-xxxxxxx-xxxxx-xxxxxxx-xxxxxxx-xxxxxxxxxxx/
- xxxxx://xxx.xxxxxxxxxxxxxx.xxx/xx/xxxx-xxxxxxxx/xxxxxxx-xxxxx-xxxxx-xxxxx-xxx-xxxx-xx-xxx-xxx-xxxxx-xxxxx/