Oilrig / Cleaver Malicious Scheduled Task Detection
Information
Severity:
Family:
CVSSv2 Base:
CVSSv2 Vector:
Solution Type:
Created:
Modified:
Summary
This script tries to detect several indicators of malicious tools used by the Iranian APT group 'OILRIG / CLEAVER'.
Insight
The APT group uses social engineering attacks to deploy various scripts that also install tasks on the target machine. To keep persistent control of the target system, tasks are created and scheduled. The Windows registry holds a list of all created tasks, so the infection can be validated by checking for the existence of the specific registry entries.
Detection Method
Enumerate the Windows registry and check for the existence of two scheduled tasks, namely 'GoogleUpdatesTaskMachineUI' and 'JavaUpdatesTasksHosts'.
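The check described above, as an added example that is not the plugin's own code: a local PowerShell script that searches the registry's scheduled-task cache for the two task names the detection method lists. The task names are taken from this page; the TaskCache\Tree key is where Windows records registered tasks and is assumed here to be the location the plugin enumerates. It goes slightly beyond the text by also searching task subfolders and by pulling each matching task's definition from the Task Scheduler service (Get-ScheduledTask, available on Windows 8 / Server 2012 and later) so an analyst can see what the task runs before cleaning up.

```powershell
# Added example, not part of the Mageni/OpenVAS plugin.
# Task names below come from the plugin description; the registry path is the
# standard Task Scheduler cache (assumed to be what the plugin enumerates).
$SuspiciousTaskNames = @('GoogleUpdatesTaskMachineUI', 'JavaUpdatesTasksHosts')
$TaskCacheTree = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'

function Find-SuspiciousTaskCacheEntries {
    param(
        [string[]]$Names = $SuspiciousTaskNames,
        [string]$Root = $TaskCacheTree
    )
    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "Task cache key not found: $Root"
        return @()
    }
    # Every registered task has a key under Tree named after the task; tasks
    # placed in a folder appear as nested keys, so walk the whole subtree.
    Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $Names -contains $_.PSChildName } |
        ForEach-Object {
            $props = Get-ItemProperty -LiteralPath $_.PSPath
            [pscustomobject]@{
                TaskName    = $_.PSChildName
                RegistryKey = $_.Name
                TaskId      = $props.Id      # GUID linking to TaskCache\Tasks\{Id}
                Index       = $props.Index
            }
        }
}

function Get-TaskTriageDetails {
    param([Parameter(Mandatory)][string]$TaskName)
    # Ask the Task Scheduler service for the task so the action (binary,
    # arguments) and trigger can be recorded before the system is cleaned.
    $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
    if (-not $task) { return $null }
    $info = $task | Get-ScheduledTaskInfo
    [pscustomobject]@{
        TaskName    = $task.TaskName
        TaskPath    = $task.TaskPath
        State       = $task.State
        RunAs       = $task.Principal.UserId
        Actions     = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        LastRunTime = $info.LastRunTime
        NextRunTime = $info.NextRunTime
    }
}

$findings = @(Find-SuspiciousTaskCacheEntries)
if ($findings.Count -eq 0) {
    Write-Host 'No OilRig/Cleaver task-name indicators found in the TaskCache tree.'
} else {
    Write-Warning "Scheduled-task indicators found ($($findings.Count)):"
    $findings | Format-Table -AutoSize
    foreach ($f in $findings) {
        $details = Get-TaskTriageDetails -TaskName $f.TaskName
        if ($details) { $details | Format-List }
        else { Write-Host "Task '$($f.TaskName)' is in the registry cache but not visible to the scheduler service; treat as a stale or hidden entry and review manually." }
    }
}
```

Run it from an elevated PowerShell session; reading TaskCache\Tree generally requires administrator rights. A hit only tells you the task name matches the indicator, so the triage details exist to confirm what the task actually executes before the recommended cleanup.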
Solution
A full cleanup of the infected system is recommended.