【Table of Contents】
Overview
【Aliases】
Threat group name | Named by |
---|---|
APT34 | FireEye |
Helix Kitten | Wikipedia |
OilRig | Kaspersky |
Irn2 | |
Pipefish | iDefense |
GreenBug | |
Chrysene | |
Crambus | |
Cobalt Gyp | |
【Dictionary】
◆APT34 (FireEye)
https://www.fireeye.jp/current-threats/apt-groups.html#apt34
◆OilRig (ATT&CK)
https://attack.mitre.org/groups/G0049/
◆OilRig (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/oilrig
Articles
【News】
■2017
◆OilRig Actors Provide a Glimpse into Development and Testing Efforts (paloalto, 2017/04/27 13:00)
https://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/
⇒ https://malware-log.hatenablog.com/entry/2017/04/27/000000_9
◆IRANIAN HACKERS HAVE BEEN INFILTRATING CRITICAL INFRASTRUCTURE COMPANIES (WIRED, 2017/12/07)
https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/
⇒ https://malware-log.hatenablog.com/entry/2017/12/07/000000_13
■2018
◆Chafer: Latest Attacks Reveal Heightened Ambitions (Symantec, 2018/02/28)
https://www.symantec.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions
⇒ https://malware-log.hatenablog.com/entry/2018/02/28/000000_2
◆Iran's "Chafer" Shows Active Movement - Targeting the Upstream Supply Chain (Security NEXT, 2018/03/19)
http://www.security-next.com/091117
⇒ https://malware-log.hatenablog.com/entry/2018/03/19/000000_1
■2019
◆DNS Tunneling in the Wild: Overview of OilRig's DNS Tunneling (Paloalto, 2019/04/17 21:00)
https://www.paloaltonetworks.jp/company/in-the-news/2019/dns-tunneling-in-the-wild-overview-of-oilrigs-dns-tunneling
⇒ https://malware-log.hatenablog.com/entry/2019/04/17/000000_12
◆How companies – and the hackers themselves – could respond to the OilRig leak (CyberScoop, 2019/04/18)
https://www.cyberscoop.com/oilrig-leak-iran-telegram-helix-kitten/
⇒ https://malware-log.hatenablog.com/entry/2019/04/18/000000_11
◆Iranian Government Hacker Group Launches Cyberattacks on LinkedIn (Forbes, 2019/07/24)
https://forbesjapan.com/articles/detail/28633
⇒ https://malware-log.hatenablog.com/entry/2019/07/24/000000
■2020
◆What Will Happen to War in "Cyberspace" Amid the US-Iran Confrontation? (Business+IT, 2020/01/19)
https://www.sbbit.jp/article/cont1/37555
⇒ https://malware-log.hatenablog.com/entry/2020/01/19/000000
◆OilRig APT Drills into Malware Innovation with Unique Backdoor (Threat Post, 2020/07/22 17:14)
https://threatpost.com/oilrig-apt-unique-backdoor/157646/
⇒ https://malware-log.hatenablog.com/entry/2020/07/22/000000_11
【Blogs】
■2016
◆OilRig Malware Campaign Updates Toolset and Expands Targets (Paloalto, 2016/10/06 08:00)
https://www.paloaltonetworks.jp/company/in-the-news/2016/161005-unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets
⇒ https://malware-log.hatenablog.com/entry/2016/10/06/000000_2
■2017
◆The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets (SecureWorks, 2017/07/27)
https://www.secureworks.com/research/the-curious-case-of-mia-ash
⇒ https://malware-log.hatenablog.com/entry/2017/07/27/000000_8
◆OilRig Deploys “ALMA Communicator” – DNS Tunneling Trojan (paloalto, 2017/11/08 13:00)
https://researchcenter.paloaltonetworks.com/2017/11/unit42-oilrig-deploys-alma-communicator-dns-tunneling-trojan/
⇒ https://malware-log.hatenablog.com/entry/2017/11/08/000000_9
◆New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit (FireEye, 2017/12/07)
https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html
⇒ https://malware-log.hatenablog.com/entry/2017/12/07/000000_11
■2018
◆OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan (paloalto, 2018/02/23 05:00)
https://researchcenter.paloaltonetworks.com/2018/02/unit42-oopsie-oilrig-uses-threedollars-deliver-new-trojan/
⇒ https://malware-log.hatenablog.com/entry/2018/02/23/000000_6
■2019
◆Analyzing the APT34’s Jason project (SecurityAffairs, 2019/06/06)
https://securityaffairs.co/wordpress/86680/hacking/analyzing-apt34-jason-project.html
⇒ https://malware-log.hatenablog.com/entry/2019/06/06/000000_13
◆LinkedIn phishing attacks initiated by Iranian hacker group APT34 (TechGenix, 2019/07/22)
http://techgenix.com/apt34-linkedin-phishing/
⇒ https://malware-log.hatenablog.com/entry/2019/07/22/000000_8
■2020
◆OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory (UNIT42(Paloalto), 2020/07/22 06:00)
https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/
⇒ https://malware-log.hatenablog.com/entry/2020/07/22/000000_12
【Documents】
◆APT Group Profile: OilRig (IntSights)
https://intsights.com/resources/apt-group-profile-oilrig
⇒ https://malware-log.hatenablog.com/entry/2020/07/22/000000_13
Related Information
【Related Summary Articles】
◆Targeted Attack Groups / APT (Summary)
https://malware-log.hatenablog.com/entry/APT