OilBooster
Techniques Used

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | OilBooster can send HTTP `GET`, `POST`, `PUT`, and `DELETE` requests to the Microsoft Graph API over port 443 for C2 communication.(Citation: ESET OilRig Downloaders DEC 2023)
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | OilBooster has the ability to execute shell commands and exfiltrate the results.(Citation: ESET OilRig Downloaders DEC 2023)
Enterprise | T1074.001 | Data Staged: Local Data Staging | OilBooster can stage files in the `tempFiles` directory for exfiltration.(Citation: ESET OilRig Downloaders DEC 2023)
Enterprise | T1573.002 | Encrypted Channel: Asymmetric Cryptography | OilBooster can use the OpenSSL library to encrypt C2 communications.(Citation: ESET OilRig Downloaders DEC 2023)
Enterprise | T1567.002 | Exfiltration Over Web Service: Exfiltration to Cloud Storage | OilBooster can exfiltrate files to an actor-controlled OneDrive account via the Microsoft Graph API.(Citation: ESET OilRig Downloaders DEC 2023)
Enterprise | T1564.003 | Hide Artifacts: Hidden Window | OilBooster can hide its console window upon execution through the `ShowWindow` API.(Citation: ESET OilRig Downloaders DEC 2023)
Enterprise | T1102.002 | Web Service: Bidirectional Communication | OilBooster uses the Microsoft Graph API to connect to an actor-controlled OneDrive account to download and execute files and shell commands, and to create directories to share exfiltrated data.(Citation: ESET OilRig Downloaders DEC 2023)
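The T1071.001, T1567.002 and T1102.002 rows above all describe the same observable: a process on a workstation issuing `GET`/`POST`/`PUT`/`DELETE` requests against Microsoft Graph drive endpoints. The following detection sketch is an added example, not code from the OilBooster write-up or from ESET's analysis. The proxy log format, the host names, the process name `svchost_update.exe` and the `EXPECTED_PROCESSES` allow-list are all constructed assumptions; the heuristic (an unexpected process exercising the full create/read/update/delete set against `graph.microsoft.com` drive paths) is an assumption about what OilBooster-style OneDrive C2 looks like, not a documented signature.

```python
"""Flag clients that drive the Microsoft Graph OneDrive API like a C2 channel.

Added example; not part of the original page or the ESET report.
The log schema, hosts, processes and allow-list below are constructed.
"""
from collections import defaultdict
from urllib.parse import urlsplit

GRAPH_HOST = "graph.microsoft.com"
# Processes for which Graph drive traffic is normal (assumption; tune per environment).
EXPECTED_PROCESSES = {"onedrive.exe", "outlook.exe", "teams.exe",
                      "msedge.exe", "chrome.exe", "firefox.exe"}
# Full set of HTTP methods the page attributes to OilBooster's Graph C2.
C2_METHODS = {"GET", "POST", "PUT", "DELETE"}
WRITE_METHODS = {"POST", "PUT", "DELETE"}

# Constructed sample proxy log: timestamp host process method url
SAMPLE_LOG = """\
2024-01-10T09:00:01Z WS-042 onedrive.exe GET https://graph.microsoft.com/v1.0/me/drive/root/children
2024-01-10T09:00:05Z WS-042 msedge.exe GET https://graph.microsoft.com/v1.0/me
2024-01-10T09:01:10Z WS-017 svchost_update.exe GET https://graph.microsoft.com/v1.0/me/drive/root/children
2024-01-10T09:01:12Z WS-017 svchost_update.exe PUT https://graph.microsoft.com/v1.0/me/drive/root:/in/out.bin:/content
2024-01-10T09:01:15Z WS-017 svchost_update.exe POST https://graph.microsoft.com/v1.0/me/drive/root/children
2024-01-10T09:01:20Z WS-017 svchost_update.exe DELETE https://graph.microsoft.com/v1.0/me/drive/items/ABC123
2024-01-10T09:02:00Z WS-099 python.exe GET https://api.example.com/status
2024-01-10T09:03:00Z WS-101 curl.exe GET https://graph.microsoft.com/v1.0/me/drive/root/children
"""


def parse_line(line):
    """Split one constructed proxy record into its fields (method and process normalised)."""
    ts, host, proc, method, url = line.split(maxsplit=4)
    parts = urlsplit(url)
    return {"ts": ts, "host": host, "proc": proc.lower(),
            "method": method.upper(), "netloc": parts.netloc.lower(),
            "path": parts.path}


def find_suspicious_graph_clients(log_text):
    """Return findings for (host, process) pairs that use Graph drive endpoints unexpectedly.

    severity "high":   unexpected process used all of GET/POST/PUT/DELETE on /drive paths
    severity "medium": unexpected process wrote to /drive paths (POST/PUT/DELETE) but not all four
    Expected processes and read-only unexpected clients produce no finding.
    """
    methods_by_client = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        # Only Graph requests that touch a drive (OneDrive) resource are of interest.
        if rec["netloc"] != GRAPH_HOST or "/drive" not in rec["path"]:
            continue
        methods_by_client[(rec["host"], rec["proc"])].add(rec["method"])

    findings = []
    for (host, proc), methods in sorted(methods_by_client.items()):
        if proc in EXPECTED_PROCESSES:
            continue
        if C2_METHODS <= methods:
            severity = "high"
        elif methods & WRITE_METHODS:
            severity = "medium"
        else:
            continue
        findings.append({"host": host, "process": proc,
                         "methods": sorted(methods), "severity": severity})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_graph_clients(SAMPLE_LOG):
        print(f)
```

Because the traffic rides TLS on port 443, the method and path fields only exist in your telemetry if a forward proxy terminates TLS or if the data comes from endpoint instrumentation; with SNI/host alone you can still apply the process allow-list, but not the method heuristic. Treat the output as a triage queue, not a verdict: many legitimate automation tools also use the Graph drive API, so the allow-list is the part that needs tuning.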