Marlin

Malware updated 4 months ago (2024-05-04T20:44:49.400Z)
Download STIX
Preview STIX
Marlin is a type of malware, or malicious software, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Marlin can steal personal information, disrupt operations, or even hold data hostage for ransom. It is one of several backdoors deployed by OilRig, a cyber espionage group, which was updated and began its deployment in 2021 as reported in the T3 2021 issue of the ESET Threat Report. The other backdoors employed by OilRig include DanBot, Shark, and Milan. Marlin, along with ODAgent, OilCheck, OilBooster, SC5k v2 and v3, PowerExchange, and MrPerfectionManager, utilize various cloud service providers for their Command and Control (C&C) communications. In particular, ODAgent is a C#/.NET downloader that uses the Microsoft OneDrive API for C&C communications, similar to OilRig’s Marlin backdoor. However, unlike Marlin which supports a comprehensive list of backdoor commands, ODAgent's capabilities are more limited, focusing on downloading and executing payloads and exfiltrating staged files. In addition to its role in cybersecurity threats, the term "Marlin" also refers to Marlin Equity Partners, a company unrelated to the malware. In 2020, Marlin Equity Partners acquired Heimdal Security, a leading European provider of cloud-based cybersecurity solutions. This acquisition expanded Marlin's reach, particularly during the COVID-19 pandemic, where it supported businesses worldwide with remote work security. Despite the potential benefits of such mergers and acquisitions, concerns have been raised about market consolidation potentially limiting the options available to security chiefs.
Description last updated: 2024-05-04T17:21:47.112Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Shark
2
Shark is a malicious software (malware) developed and deployed by the cybercriminal group OilRig. In 2021, OilRig updated its DanBot backdoor and began deploying Shark, along with Milan and Marlin backdoors as mentioned in the T3 2021 issue of the ESET Threat Report. The malware was designed to expl
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
IDTypeVotesProfile Description
DanBotUnspecified
2
DanBot is a malicious software (malware) written in C# using .NET Framework 2.0 that provides basic remote access capabilities. It was identified as part of the arsenal used by the cyber threat group, OilRig, and has been linked to other backdoors such as Solar, Shark, Milan, and Marlin. The malware
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
IDTypeVotesProfile Description
OilRigUnspecified
2
OilRig is a well-known threat actor in the cybersecurity landscape, notorious for its sophisticated attacks on various targets, including Middle Eastern telecommunications organizations and Israel's critical infrastructure sector. This entity has been linked to several high-profile campaigns such as
Source Document References
Information about the Marlin Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
6 months ago
Heimdal’s 10th Anniversary - Our Finest Hours
ESET
9 months ago
OilRig’s persistent attacks using cloud service-powered downloaders
CERT-EU
a year ago
OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes
CERT-EU
a year ago
Cocoa Press Chocolate 3D Printer Offered As DIY Kit
CERT-EU
a year ago
Cisco’s Splunk Deal Shows Allure of AI in Cybersecurity | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU
2 years ago
Search | arXiv e-print repository