Emerging Threats
Actor · 2018
OilRig
4 Rules
1 Reference
1 Folder
Latest: 2023-03-08
Summary
OilRig is tracked here as a threat actor, intrusion set, or campaign with 4 Sigma detections spanning 2018. Coverage centers on windows / process_creation, windows / registry_event, windows / security and one more log source.
Related Detections
Emerging Threat · critical · test
OilRig APT Activity
Detects OilRig activity as reported by Nyotron in their March 2018 report
Windows · Process Creation
TA0004 · Privilege Escalation, TA0002 · Execution, TA0003 · Persistence, G0049 · OilRig, +8
Florian Roth (Nextron Systems) +4, Fri Mar 23 2018
Emerging Threat · critical · test
OilRig APT Registry Persistence
Detects OilRig registry persistence as reported by Nyotron in their March 2018 report
Windows · Registry Event
TA0004 · Privilege Escalation, TA0002 · Execution, TA0003 · Persistence, G0049 · OilRig, +8
Florian Roth (Nextron Systems) +4, Fri Mar 23 2018
Emerging Threat · critical · test
OilRig APT Schedule Task Persistence - Security
Detects OilRig schedule task persistence as reported by Nyotron in their March 2018 report
Windows · security
TA0004 · Privilege Escalation, TA0002 · Execution, TA0003 · Persistence, G0049 · OilRig, +8
Florian Roth (Nextron Systems) +4, Fri Mar 23 2018
Emerging Threat · critical · test
OilRig APT Schedule Task Persistence - System
Detects OilRig schedule task persistence as reported by Nyotron in their March 2018 report
Windows · system
TA0004 · Privilege Escalation, TA0002 · Execution, TA0003 · Persistence, G0049 · OilRig, +8
Florian Roth (Nextron Systems) +4, Fri Mar 23 2018
References