ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool Clayslide

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Clayslide

NamesClayslide
CategoryMalware
TypeDropper
DescriptionThis is a so-called delivery document.
(Palo Alto) n May 2016, Unit 42 began researching attacks that used spear-phishing emails with attachments, specifically malicious Excel spreadsheets sent to financial organizations within Saudi Arabia. We observed spear-phishing emails sent between May 4 and May 12 of this year that delivered these malicious Excel spreadsheets, which we are tracking as ‘Clayslide’. ClaySlide documents contain malicious macros that display decoy content within the spreadsheet and installs a variant of a Helminth backdoor.
Information<https://unit42.paloaltonetworks.com/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/>

Last change to this tool card: 20 April 2020

Download this tool card in JSON format

All groups using tool Clayslide

ChangedNameCountryObserved

APT groups

 OilRig, APT 34, Helix Kitten, ChryseneIran2014-Apr 2020X

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key