Clankerusecase
Threat-actor profile

🌐 BlackOasis

🌐 BlackOasis is a tracked threat actor in the Clankerusecase corpus. ??-aligned. Primary motivation: Unknown. We map 6 detection use cases to this actor across 1 MITRE ATT&CK technique, with 0 threat-intel articles citing them.

6 Use cases
0 Articles
1 Techniques
0 IOCs

About this actor (MITRE)

[BlackOasis](https://attack.mitre.org/groups/G0063) is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group has shown interest in prominent figures in the United Nations, as well as opposition bloggers, activists, regional news correspondents, and think tanks. (Citation: Securelist BlackOasis Oct 2017) (Citation: Securelist APT Trends Q2 2017) A group known by Microsoft as [NEODYMIUM](https://attack.mitre.org/groups/G0055) is reportedly associated closely with [BlackOasis](https://attack.mitre.org/groups/G0063) operations, but evidence that the group names

Known aliases

BlackOasis

Top techniques

Detection use cases (6)

npm/yarn/pnpm Install-Hook Spawn → Credential-Store Read or Worm-Payload Drop in node_modules (MITRE match)
Package Manager Install Hook Spawns Scripting Interpreter Then Touches Credential Files or Egresses Off-Registry (MITRE match)
Package-install lifecycle script harvests local credentials and beacons to a non-baselined domain (MITRE match)
File hash IOCs — endpoint file/process match (MITRE match)
PowerShell encoded / obfuscated command (MITRE match)
Curl Execution with Percent Encoded URL (MITRE match)