OilRig, a threat actor known to be active since 2016, now uses a new threat vector: the BONDUPDATER malware. It targets Middle Eastern oil-producing countries and uses spear-phishing email campaigns to propagate itself.
BONDUPDATER is a PowerShell-based Trojan. It has built-in backdoor functionality and is able to send and receive files and data. It now uses DNS TXT records to smuggle data.
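
For defenders, data smuggled through DNS TXT lookups tends to show up in resolver logs as one client sending many TXT queries with long, random-looking subdomains under a single domain. The sketch below is an added example, not code from the malware or from any vendor report. The log format, the thresholds, and the assumption that outbound data rides in the leftmost label of the query name are all hypothetical, and the sample log lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log (hypothetical format: time client qtype qname).
SAMPLE_LOG = """\
10:00:01 10.0.0.5 A www.example.org
10:00:02 10.0.0.5 TXT example.org
10:00:03 10.0.0.5 TXT _dmarc.example.org
10:00:04 10.0.0.5 TXT selector1._domainkey.example.org
10:00:05 10.0.0.9 TXT 4f2a9c1e7b3d8a60.t.example.net
10:00:06 10.0.0.9 TXT b81d03f7a2c96e54.t.example.net
10:00:07 10.0.0.9 TXT 7c5e1a09d3f2b846.t.example.net
10:00:08 10.0.0.9 TXT e3906b1fd7a4c258.t.example.net
10:00:09 10.0.0.9 TXT 1a7d4e92c0b6f385.t.example.net
"""

def entropy(label):
    """Shannon entropy of a label, in bits per character."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def suspicious_txt_clients(log, min_queries=4, min_len=12, min_entropy=3.0):
    """Return (client, base domain, count) where a client sent many TXT
    queries whose leftmost label is long and random-looking."""
    seen = defaultdict(set)  # (client, base domain) -> unique leftmost labels
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2].upper() != "TXT":
            continue
        client, qname = parts[1], parts[3].rstrip(".").lower()
        labels = qname.split(".")
        if len(labels) < 3:
            continue  # no subdomain that could carry data
        base = ".".join(labels[-2:])  # simplification: two-label registered domain
        seen[(client, base)].add(labels[0])
    findings = []
    for (client, base), uniq in sorted(seen.items()):
        dense = [l for l in uniq if len(l) >= min_len and entropy(l) >= min_entropy]
        if len(dense) >= min_queries:  # thresholds are assumptions; tune per network
            findings.append((client, base, len(dense)))
    return findings

if __name__ == "__main__":
    for client, base, n in suspicious_txt_clients(SAMPLE_LOG):
        print(f"{client} sent {n} high-entropy TXT queries under {base}")
```

Routine TXT lookups such as SPF, DMARC and DKIM records use short, stable names and stay below these thresholds, which is why the first client in the sample is not flagged.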