Unit 42 observed a new version of the Clayslide delivery document used to install a new custom Trojan whose developer calls “ALMA Communicator”.
New research from Unit 42: OilRig uses ISMDoor variant; possibly linked to Greenbug threat group.
Unit 42 researches the techniques used by attackers to avoid antivirus detection and successfully deliver OilRig campaign attacks.
Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.
Since our first published analysis of the OilRig campaign in May 2016 , we have continued to monitor this group for new activity. In recent weeks we’ve discovered that the group have been actively updating their Clayslide delivery documents, as well as the Helminth backdoor used against victims. Additionally, the scope of organizations targeted by
Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.