Clayslide

Description

This is a so-called delivery document. (Palo Alto) n May 2016, Unit 42 began researching attacks that used spear-phishing emails with attachments, specifically malicious Excel spreadsheets sent to financial organizations within Saudi Arabia. We observed spear-phishing emails sent between May 4 and May 12 of this year that delivered these malicious Excel spreadsheets, which we are tracking as ‘Clayslide’. ClaySlide documents contain malicious macros that display decoy content within the spreadsheet and installs a variant of a Helminth backdoor.

Names

Name
Clayslide

Type

Dropper

Information

https://unit42.paloaltonetworks.com/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/

Other Information

Uuid

bed1c93e-b6c8-4d31-b7b0-b41d1b05bcb2

Last Card Change

2020-04-20

Threat Intelligence Garden

Explorer

Clayslide

Clayslide

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks