Dolphin

Malware Profile Updated 3 months ago
Dolphin is a malicious software (malware) that was reportedly used by an unidentified group against South Korea in December 2022. The malware, named after the codenames of Xerox PARC's range of workstations, which all began with the letter D (Dolphin, Dorado, Dicentra, and others), infiltrates systems to exploit and damage them, often stealing personal information or disrupting operations. This malware, along with others such as Chinotto, BLUELIGHT, GOLDBACKDOOR, and most recently M2RAT, was used by this group to conduct cyber attacks, with commodity malware like Amadey added into the mix to confuse attribution. A device known as Flipper Zero, featuring a monochrome 128x64 pixel screen with a cyber-dolphin greeting, has been flagged by Brazil's national telecoms regulator Anatel for serving illicit purposes or facilitating crimes. Despite similar devices being available in Brazil, the Flipper Zero has come under scrutiny due to its potential misuse, possibly including acting as a conduit for malware like Dolphin. The device has become controversial due to its potential for hacking and pentesting, symbolized by the crying dolphin image displayed when attempting to turn off the tool. Beyond its use in cyber warfare, the name Dolphin also refers to a technology-focused think-tank in Beijing. Despite the decline in revenue for Alibaba's core e-commerce business last year due to high competition, Dolphin continues to provide insights and analysis in the tech industry. It is important to differentiate between these two uses of the term 'Dolphin': one refers to a dangerous malware, the other to a legitimate think-tank.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.

ID | Votes | Profile Description
BLUELIGHT | 2 | The BLUELIGHT malware, first observed in early 2021, was used as the final payload in a multistage attack. This attack involved a watering-hole assault on a South Korean online newspaper, an Internet Explorer exploit, and another ScarCruft backdoor. The attack process included multiple components li
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Windows
Backdoor
Reconnaissance
exploitation
Exploit
Downloader
Shellcode
Google
Eset
Apt
Loader
Associated Malware
ID | Type | Votes | Profile Description
Amadey | Unspecified | 1 | Amadey is a malicious software (malware) that has been found to be used in conjunction with other malware such as Remcos, GuLoader, and Formbook. Analysis of the infection chains revealed that the individual behind the sales of Remcos and GuLoader also uses Amadey and Formbook, using GuLoader as a p
Associated Threat Actors
ID | Type | Votes | Profile Description
APT37 | Unspecified | 1 | APT37, also known as ScarCruft, Reaper, or Group123, is a threat actor suspected to be linked to North Korea. It primarily targets South Korea but has also extended its activities to Japan, Vietnam, and the Middle East, focusing on various industry verticals such as chemicals, electronics, manufactu
Dragonfly | Unspecified | 1 | Dragonfly is a notable threat actor known for its malicious activities in the cybersecurity landscape. This group has been particularly active in targeting the energy sector across various countries, including the United States, Switzerland, and Turkey. The tactics employed by Dragonfly often involv
ScarCruft | Unspecified | 1 | ScarCruft, also known as APT37, Inky Squid, RedEyes, Reaper, or Group123, is a North Korean threat actor group associated with malicious cyber activities. Their actions have been linked to the execution of targeted attacks against individual Android devices, as outlined in a VB2023 paper titled "Int
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Dolphin malware was read from the document corpus below. This display is limited to 20 results.

Source | Created At | Title
CERT-EU | 4 months ago | Bottlenose Dolphins, TikTok, Tidal, More: Wednesday Afternoon ResearchBuzz, March 13, 2024
CERT-EU | 5 months ago | Flipper Zero Video Game Module Hands-on | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 8 months ago | Revival of Medley/Interlisp: Elegant weapon gets sharpened
CERT-EU | a year ago | Florida's education chief skipping history debate
CERT-EU | a year ago | Flipper Zero Devices Being Seized by Brazil's Telecom Agency
CERT-EU | 10 months ago | we're hacking off entire branches through extinction | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | a year ago | Alibaba's overhaul: a 'smart' move after China crackdown
CERT-EU | a year ago | North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains
CERT-EU | a year ago | Flipper Zero Devices Being Seized by Brazil's Telecom Agency | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker
CERT-EU | a year ago | Elite North Korean Hackers Breach Russian Missile Developer
CERT-EU | a year ago | North Korean APT37 Exploits New FadeStealer Malware
CERT-EU | a year ago | We should use technology, internet with caution to avoid cyber-crime: Governor | Garhwal Post | #cybercrime | #infosec | National Cyber Security Consulting
ESET | a year ago | ScarCruft updates its toolset – Week in security with Tony Anscombe | WeLiveSecurity
ESET | a year ago | Who's swimming in South Korean waters? Meet ScarCruft's Dolphin | WeLiveSecurity