OilRig APT Registry Persistence (7bdf2a7c-3acc-4091-9581-0a77dad1c5b5)

Detects OilRig registry persistence as reported by Nyotron in their March 2018 report.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) | Attack Pattern | OilRig APT Registry Persistence (7bdf2a7c-3acc-4091-9581-0a77dad1c5b5) | Sigma-Rules | 1 |
| Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | OilRig APT Registry Persistence (7bdf2a7c-3acc-4091-9581-0a77dad1c5b5) | Sigma-Rules | 1 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | OilRig APT Registry Persistence (7bdf2a7c-3acc-4091-9581-0a77dad1c5b5) | Sigma-Rules | 1 |
| OilRig APT Registry Persistence (7bdf2a7c-3acc-4091-9581-0a77dad1c5b5) | Sigma-Rules | Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | 1 |
| DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) | Attack Pattern | Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | 2 |
| Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) | Attack Pattern | Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) | Attack Pattern | 2 |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) | Attack Pattern | 2 |