Skip to content

G0063 BlackOasis

BlackOasis is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group has shown interest in prominent figures in the United Nations, as well as opposition bloggers, activists, regional news correspondents, and think tanks. 1 2 A group known by Microsoft as NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. 3

Item Value
ID G0063
Associated Names
Version 1.0
Created 18 April 2018
Last Modified 17 October 2018
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1027 Obfuscated Files or Information BlackOasis‘s first stage shellcode contains a NOP sled with alternative instructions that was likely designed to bypass antivirus tools.1

References

Back to top