G0063 BlackOasis
BlackOasis is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group has shown interest in prominent figures in the United Nations, as well as opposition bloggers, activists, regional news correspondents, and think tanks. 1 2 A group known by Microsoft as NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. 3
| Item | Value |
|---|---|
| ID | G0063 |
| Associated Names | |
| Version | 1.0 |
| Created | 18 April 2018 |
| Last Modified | 17 October 2018 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1027 | Obfuscated Files or Information | BlackOasis‘s first stage shellcode contains a NOP sled with alternative instructions that was likely designed to bypass antivirus tools.1 |
References
-
Kaspersky Lab’s Global Research & Analysis Team. (2017, October 16). BlackOasis APT and new targeted attacks leveraging zero-day exploit. Retrieved February 15, 2018. ↩↩
-
Kaspersky Lab’s Global Research & Analysis Team. (2017, August 8). APT Trends report Q2 2017. Retrieved February 15, 2018. ↩
-
Bing, C. (2017, October 16). Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018. ↩