
Researchers have discovered a new campaign using a new variant of OopsIE Trojan by APT group OilRig

  1. The APT group OilRig has been observed using a new variant of the OopsIE Trojan.
  2. The new campaign targeted government organisations in the Middle East.
  3. The campaign was discovered by researchers at Palo Alto Networks (Unit 42).
  4. The new variant adds anti-analysis and detection-evasion features, including anti-VM and sandbox checks.
Researchers at Palo Alto Networks have discovered a new campaign in which the APT group OilRig uses a new variant of the OopsIE Trojan against a government organisation in the Middle East. OopsIE itself was first reported in February 2018; the new variant keeps largely the same functionality but adds anti-analysis and detection-evasion features.

The new variant begins by performing a series of anti-VM and sandbox checks. If any of them fires, it exits without carrying out any malicious activity. The checks inspect CPU fan information, CPU temperature, the time zone, the mouse pointer, the hard disk, the motherboard and signs of human interaction, and look for the Sandboxie, VirtualBox and VMware DLLs. Several of these checks, such as the CPU fan and temperature queries, had not been seen by the researchers in other malware families.

"In July 2018, we reported on a wave of OilRig attacks delivering a tool called QUADAGENT involving a Middle Eastern government agency. During that wave, we also observed OilRig leveraging additional compromised email accounts at the same government organization to send spear phishing emails delivering the OopsIE trojan as the payload instead of QUADAGENT," the researchers wrote.

At the same time, the researchers discovered a second campaign targeting another government organisation in the same country, again using the OopsIE Trojan as the attachment. The phishing email was written in Arabic with the subject line "business continuity management training" and was sent to addresses belonging to a group within the organisation. Analysis showed that the targeted group had previously published several public documents on that same subject, which suggests the lure was chosen to match the recipients' work.

The new variant's code is largely the same as the older version; the main difference is that on first run it performs the series of anti-VM and sandbox checks described above before doing anything else.

"The OilRig group remains a persistent adversary in the Middle East region. This attack is no different, now adding anti-analysis capabilities into their tools. This adversary is highly resourceful and continues to adapt over time. However, the tactics they continue to deploy are generally unsophisticated, and simple security hygiene would help organizations protect themselves against this threat," the Palo Alto Networks researchers said in their post.
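The practical takeaway for a detection team is that a default sandbox will fail most of the checks listed above and the sample will simply exit, leaving nothing to analyse. The following Python example is added here and is not code from the article or from Unit 42: it reimplements the same fingerprint checks as a self-test that a sandbox operator can run against a snapshot of what their environment exposes, to see which checks would give it away. The host snapshots are constructed, the specific DLL names, vendor strings and thresholds are assumptions (the article does not name the exact values OopsIE tests), and on a real Windows guest the fields would be filled from WMI classes such as Win32_Fan, Win32_TemperatureProbe, Win32_BaseBoard and Win32_DiskDrive plus cursor and input sampling.

```python
"""Sandbox self-test: which of the OopsIE-style anti-VM checks would fire here?

Added example, not the trojan's code. All snapshots below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Module names commonly associated with analysis environments (assumed list;
# the article only says the trojan checks Sandboxie, VirtualBox and VMware DLLs).
SANDBOX_DLLS = {
    "sbiedll.dll": "Sandboxie",
    "vboxhook.dll": "VirtualBox",
    "vboxmrxnp.dll": "VirtualBox",
    "vmguestlib.dll": "VMware",
    "vmhgfs.dll": "VMware",
}
# Substrings of hardware vendor strings that name a hypervisor (assumed list).
VM_VENDOR_STRINGS = ("vmware", "virtualbox", "innotek", "qemu", "xen", "bochs")
MIN_DISK_BYTES = 60 * 1024 ** 3  # assumption: below this a disk looks like a lab VM


@dataclass
class HostProfile:
    """What the host exposes to the checks named in the article."""
    fan_count: int                            # Win32_Fan instances
    temperature_probes: int                   # Win32_TemperatureProbe instances
    timezone: str                             # Windows time zone name
    cursor_positions: List[Tuple[int, int]]   # cursor sampled over a few seconds
    disk_bytes: int                           # size of the system disk
    board_manufacturer: str                   # Win32_BaseBoard.Manufacturer
    loaded_modules: List[str]                 # DLLs loaded in the process
    interaction_events: int                   # keyboard/mouse events observed


def run_checks(p: HostProfile) -> Dict[str, str]:
    """Return {check_name: reason} for every check that flags an analysis environment."""
    hits: Dict[str, str] = {}
    if p.fan_count == 0:
        hits["cpu_fan"] = "no fan devices reported; hypervisors rarely emulate them"
    if p.temperature_probes == 0:
        hits["cpu_temperature"] = "no temperature probes reported"
    if p.timezone.upper() == "UTC":  # assumption: UTC is atypical for a target workstation
        hits["time_zone"] = "clock set to UTC"
    if len(set(p.cursor_positions)) <= 1:
        hits["mouse_pointer"] = "cursor never moved during the sampling window"
    if p.disk_bytes < MIN_DISK_BYTES:
        hits["hard_disk"] = f"system disk only {p.disk_bytes // 1024 ** 3} GiB"
    if any(v in p.board_manufacturer.lower() for v in VM_VENDOR_STRINGS):
        hits["motherboard"] = f"board manufacturer '{p.board_manufacturer}' names a hypervisor"
    if p.interaction_events == 0:
        hits["human_interaction"] = "no keyboard or mouse input observed"
    found = sorted({SANDBOX_DLLS[m.lower()] for m in p.loaded_modules if m.lower() in SANDBOX_DLLS})
    if found:
        hits["analysis_dlls"] = "analysis DLLs loaded: " + ", ".join(found)
    return hits


def would_exit(p: HostProfile) -> bool:
    """OopsIE-style verdict: a single positive check and the payload exits without running."""
    return bool(run_checks(p))


# Constructed snapshot of an out-of-the-box VMware analysis VM.
DEFAULT_SANDBOX = HostProfile(
    fan_count=0, temperature_probes=0, timezone="UTC",
    cursor_positions=[(512, 384)] * 5, disk_bytes=40 * 1024 ** 3,
    board_manufacturer="VMware, Inc.",
    loaded_modules=["ntdll.dll", "kernel32.dll", "vmGuestLib.dll"],
    interaction_events=0,
)

# Constructed snapshot of a hardened sandbox (or a real workstation).
HARDENED_SANDBOX = HostProfile(
    fan_count=1, temperature_probes=1, timezone="Arabian Standard Time",
    cursor_positions=[(100, 200), (140, 230), (300, 310)], disk_bytes=256 * 1024 ** 3,
    board_manufacturer="Dell Inc.",
    loaded_modules=["ntdll.dll", "kernel32.dll"],
    interaction_events=12,
)

if __name__ == "__main__":
    for name, profile in (("default", DEFAULT_SANDBOX), ("hardened", HARDENED_SANDBOX)):
        hits = run_checks(profile)
        print(f"{name}: payload would {'exit' if hits else 'run'}")
        for check, reason in hits.items():
            print(f"  - {check}: {reason}")
```

Run against the default snapshot every one of the eight checks fires, so the trojan would quit before detonating; against the hardened snapshot none fire. The useful part is the per-check reason list: it tells the sandbox operator exactly which property to fix (emulate a fan and thermal probe, set a regional time zone, script mouse movement and input, enlarge the disk, rewrite the baseboard vendor string, and keep guest-additions DLLs out of the sample's process) rather than guessing why a sample produced no behaviour.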