Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.


Oilrig / Cleaver Malicious Scheduled Task Detection

Information

Severity: Critical
Family: Malware
CVSSv2 Base: 10.0
CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution Type: Workaround
Created: 6 years ago
Modified: 5 years ago

Summary

This script tries to detect several indicators of malicious tools used by the Iranian APT group 'OILRIG / CLEAVER'.

Insight

The APT group uses social engineering to deploy various scripts, which in turn install scheduled tasks on the target machine. To keep persistent control of the target system, these tasks are created and scheduled to run repeatedly. The Windows registry holds a list of all created tasks, so an infection can be validated by checking for the existence of the specific registry entries.

Detection Method

Enumerate the Windows registry and check for the existence of two scheduled tasks named 'GoogleUpdatesTaskMachineUI' and 'JavaUpdatesTasksHosts'.
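The check described above, written out as a local host script. This is an added example for illustration, not the Mageni plugin itself (the plugin is a scanner script that runs the same check remotely); it assumes the task names are stored as keys under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree, which is where Windows keeps its scheduled-task tree, and it falls back to a constructed sample list of task names on non-Windows hosts so it can be run offline. The matcher compares whole leaf names case-insensitively, so the legitimate Google updater task 'GoogleUpdateTaskMachineUA' (a lookalike, not an indicator) is not flagged.

```python
"""Check the Task Scheduler registry cache for the two indicator task names.

Added example; not Mageni's own plugin code. Assumes the TaskCache\\Tree key
layout below and runs against a constructed sample list when not on Windows.
"""
import sys

# Indicator task names from the plugin's detection method.
INDICATOR_TASKS = {"GoogleUpdatesTaskMachineUI", "JavaUpdatesTasksHosts"}

# Registry key under HKLM holding the scheduled-task tree (assumption: this
# is the location used by the Task Scheduler service on current Windows).
TASKCACHE_TREE = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree"

# Constructed sample of task paths as they would be enumerated from the tree.
SAMPLE_TASKS = [
    r"\Microsoft\Windows\Defrag\ScheduledDefrag",   # benign built-in task
    r"\GoogleUpdateTaskMachineUA",                  # benign lookalike, must not match
    r"\googleupdatestaskmachineui",                 # indicator, case differs
    r"\Microsoft\Windows\JavaUpdatesTasksHosts",    # indicator, hidden in a subfolder
]


def match_indicators(task_names, indicators=INDICATOR_TASKS):
    """Return the sorted task paths whose leaf name equals an indicator.

    Comparison is on the whole leaf name, case-insensitively: registry key
    names are case-insensitive, and an attacker may create the task inside
    an existing folder so the full path does not equal the bare name.
    """
    wanted = {name.lower() for name in indicators}
    hits = set()
    for full_name in task_names:
        leaf = full_name.rsplit("\\", 1)[-1]
        if leaf.lower() in wanted:
            hits.add(full_name)
    return sorted(hits)


def enumerate_tasks_from_registry():
    """Yield every key path under TaskCache\\Tree, e.g. '\\Microsoft\\Windows\\X'.

    Folders and tasks both appear as keys; the matcher only looks at the
    leaf name, so no attempt is made here to tell the two apart.
    Windows only (needs the standard-library winreg module).
    """
    import winreg

    def walk(key, prefix):
        index = 0
        while True:
            try:
                sub = winreg.EnumKey(key, index)
            except OSError:  # no more subkeys
                break
            index += 1
            path = prefix + "\\" + sub
            yield path
            with winreg.OpenKey(key, sub) as subkey:
                yield from walk(subkey, path)

    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, TASKCACHE_TREE) as root:
        yield from walk(root, "")


def scan_host():
    """Collect task names from the live registry on Windows, otherwise from
    the constructed sample, and return (source, matched_task_paths)."""
    if sys.platform == "win32":
        return "registry", match_indicators(enumerate_tasks_from_registry())
    return "sample", match_indicators(SAMPLE_TASKS)


if __name__ == "__main__":
    source, hits = scan_host()
    if hits:
        print(f"[{source}] indicator tasks present: {', '.join(hits)}")
    else:
        print(f"[{source}] no indicator tasks found")
```

On a Windows host the script must be run with rights to read HKLM; on any other platform it simply demonstrates the matching logic on the sample list. A match is a strong indicator rather than proof, so it should be followed by the full cleanup the plugin recommends, not by deleting the task alone.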

Solution

A complete cleanup of the infected system is recommended.