• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Nokoyawa Ransomware – Active IOCs
May 26, 2022
Rewterz Threat Alert – WannaCry Ransomware – Active IOCs
May 26, 2022

Rewterz Threat Alert – APT34 – OilRig APT Group – Active IOCs

May 26, 2022

Severity

High

Analysis Summary

OilRig, aka HelixKitten, APT 34, and Twisted Kitten, is a suspected Iranian threat group targeting Middle Eastern and international victims since at least 2014. The group appears to conduct supply chain attacks, taking advantage of the trust connection between organizations to attack its major targets. Based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that corresponds with nation-state goals, researchers conclude that the organization operates on behalf of the Iranian government. Financial, political, energy, chemical, and telecommunications sectors are the top targets of this threat actor group. For lateral movement, OilRig makes use of stolen account credentials. OilRig uses credential dumping tools like Mimikatz to harvest credentials from accounts logged onto the compromised system after gaining access to it. The threat actor group utilizes these credentials to gain access to and move laterally via the network’s systems.

Impact

Information Theft and Espionage
Exposure of Sensitive Data

Indicators of Compromise

MD5

  • ccc36ffd7b4634b107e3f8518ad3a539

SHA-256

  • b69812221cd9328a70c90f771c58be44693de493df18f0a08ebd0bb6236e37a7

SHA-1

  • c7a1f076dfaeaaa6bacc0e610078a20f1879f091

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.