BONDUPDATER (d8690218-5272-47d8-8189-35d3b518e66f)

BONDUPDATER is a PowerShell backdoor used by OilRig. It was first observed in November 2017 during targeting of a Middle Eastern government organization, and an updated version was observed in August 2018 being used to target a government organization with spearphishing emails.[FireEye APT34 Dec 2017][Palo Alto OilRig Sep 2018]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| BONDUPDATER (d8690218-5272-47d8-8189-35d3b518e66f) | Tidal Software | OilRig (d01abdb1-0378-4654-aa38-1a4a292703e2) | Tidal Groups | 1 |