Adversary | Oilrig

Updated: Jul 21, 2021


Also Known As

Twisted Kitten | Cobalt Gypsy | Crambus | Helix Kitten | APT34 | IRN2


Origin

Iran


Target Countries

Israel | Kuwait | Lebanon | Saudi Arabia | Turkey | Qatar | United Arab Emirates | United States


Targeted Verticals

Critical Infrastructure

Financial Services

Government | Military

Telecommunications


MITRE ATT&CK TTPs

Account Discovery: Domain Account

Account Discovery: Local Account

Application Layer Protocol: Web Protocols

Application Layer Protocol: DNS

Automated Collection

Brute Force

Command and Scripting Interpreter: PowerShell

Command and Scripting Interpreter: Windows Command Shell

Credentials from Password Stores: Credentials from Web Browsers

Deobfuscate/Decode Files or Information

Encrypted Channel: Asymmetric Cryptography

Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol

External Remote Services

Fallback Channels

Indicator Removal on Host: File Deletion

Ingress Tool Transfer

Input Capture: Keylogging

Network Service Scanning

Obfuscated Files or Information: Indicator Removal from Tools

Office Application Startup: Outlook Home Page

OS Credential Dumping: LSASS Memory

OS Credential Dumping: LSA Secrets

OS Credential Dumping: Cached Domain Credentials

Password Policy Discovery

Permission Groups Discovery: Local Groups

Permission Groups Discovery: Domain Groups

Phishing: Spearphishing Attachment

Phishing: Spearphishing Link

Phishing: Spearphishing via Service

Process Discovery

Protocol Tunneling

Query Registry

Remote Services: SSH

Remote Services: Remote Desktop Protocol

Scheduled Task/Job: Scheduled Task

Screen Capture

Server Software Component: Web Shell

Signed Binary Proxy Execution: Compiled HTML File

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

System Owner/User Discovery

System Service Discovery

Unsecured Credentials: Credentials In Files

User Execution: Malicious File

User Execution: Malicious Link

Valid Accounts

Windows Management Instrumentation
