BONDUPDATER is a PowerShell backdoor used by OilRig. It was first observed in November 2017 during targeting of a Middle Eastern government organization, and an updated version was observed in August 2018 being used to target a government organization with spearphishing emails.
|Enterprise||T1483||Domain Generation Algorithms|
|Enterprise||T1105||Remote File Copy|
|Enterprise||T1071||Standard Application Layer Protocol|
Groups That Use This Software