OilRig, also tracked as APT34 or HelixKitten, has been associated with global cyber attacks on about a hundred organizations in 27 countries. Recently, researchers discovered about 12,765 credentials that had been stolen by this APT group.
The group uses a number of malicious backdoors, webshells and DNS hijacking toolkits, mainly PoisonFrog (BondUpdater), HyperShell, HighShell, Minion and Glimpse.
Indicators of Compromise
Malware Hash (MD5/SHA1/SHA256)
Block the threat indicators at their respective security controls.