Introduction
BlackOasis is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group has shown interest in prominent figures in the United Nations, as well as opposition bloggers, activists, regional news correspondents, and think tanks. [3][4] A group known by Microsoft as NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. [5]
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
ATT&CK technique IDs (denormalized)
Notable Indicators of Compromise (IOCs)
No atomic indicators are listed in this profile. The APTnotes snapshot indexes 1 public report that may contain IOCs; see Source Attribution for dataset links.
Malware and Tools
- BlackEnergy
- BLACKCOFFEE
- Blackshades
- BlackNix
- UNITEDRAKE
- BlackHole
- CVE-2015-5119 – June 2015:
- CVE-2016-0984 – June 2015:
- CVE-2016-4117 – May 2016:
- CVE-2017-8759 – Sept 2017:
- CVE-2017-11292 – Oct 2017:
- FinSpy Malware:
Attribution and Evidence
Information pending cataloguing.
References
[1] mitre-attack
[3] Securelist BlackOasis Oct 2017: Kaspersky Lab's Global Research & Analysis Team. (2017, October 16). BlackOasis APT and new targeted attacks leveraging zero-day exploit. Retrieved February 15, 2018.
[4] Securelist APT Trends Q2 2017: Kaspersky Lab's Global Research & Analysis Team. (2017, August 8). APT Trends report Q2 2017. Retrieved February 15, 2018.
[5] CyberScoop BlackOasis Oct 2017: Bing, C. (2017, October 16). Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018.