OilRig BONDUPDATER Malware Sample

OilRig, a threat actor known to be active since 2016, now uses a new threat vector, the BONDUPDATER malware. It targets Middle Eastern oil-producing countries and uses spear-phishing email campaigns to propagate itself.

BONDUPDATER is a PowerShell-based Trojan. It has built-in backdoor functionality and is able to send and receive files and data. It now uses DNS TXT records to smuggle data.

OilRig BONDUPDATER Word File Sample Signatures

Family: VBA:Downloader-EIF [Trj]
MD5: 52b6e1ef0d079f4c2572705156365c06
SHA256: 7cbad6b3f505a199d6766a86b41ed23786bbb99dab9cae6c18936afdc2512f00

OilRig BONDUPDATER Word File Sample Download

Download OilRig BONDUPDATER Word File Sample

OilRig BONDUPDATER PowerShell Backdoor Signatures

Family: Backdoor.PowerShell.Agent.ad
MD5: 8c4fa86dcc2fd00933b70cbf239f0636
SHA256: d5c1822a36f2e7107d0d4c005c26978d00bcb34a587bd9ccf11ae7761ec73fb7

OilRig BONDUPDATER PowerShell Backdoor Download

Download OilRig BONDUPDATER PowerShell Backdoor Sample