Marlin

Malware updated 5 months ago (2024-05-04T20:44:49.400Z)
Download STIX
Preview STIX
Marlin is a type of malware, or malicious software, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Marlin can steal personal information, disrupt operations, or even hold data hostage for ransom. It is one of several backdoors deployed by OilRig, a cyber espionage group, which was updated and began its deployment in 2021 as reported in the T3 2021 issue of the ESET Threat Report. The other backdoors employed by OilRig include DanBot, Shark, and Milan. Marlin, along with ODAgent, OilCheck, OilBooster, SC5k v2 and v3, PowerExchange, and MrPerfectionManager, utilize various cloud service providers for their Command and Control (C&C) communications. In particular, ODAgent is a C#/.NET downloader that uses the Microsoft OneDrive API for C&C communications, similar to OilRig’s Marlin backdoor. However, unlike Marlin which supports a comprehensive list of backdoor commands, ODAgent's capabilities are more limited, focusing on downloading and executing payloads and exfiltrating staged files. In addition to its role in cybersecurity threats, the term "Marlin" also refers to Marlin Equity Partners, a company unrelated to the malware. In 2020, Marlin Equity Partners acquired Heimdal Security, a leading European provider of cloud-based cybersecurity solutions. This acquisition expanded Marlin's reach, particularly during the COVID-19 pandemic, where it supported businesses worldwide with remote work security. Despite the potential benefits of such mergers and acquisitions, concerns have been raised about market consolidation potentially limiting the options available to security chiefs.
Description last updated: 2024-05-04T17:21:47.112Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Shark is a possible alias for Marlin. Shark is a malicious software (malware) deployed by the cyber threat group known as OilRig. In 2021, OilRig updated its DanBot backdoor and began deploying multiple new backdoors including Shark, Milan, and Marlin, as reported in the T3 2021 issue of the ESET Threat Report. This malware can infiltra
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The DanBot Malware is associated with Marlin. DanBot is a malicious software (malware) written in C# using .NET Framework 2.0 that provides basic remote access capabilities. It was identified as part of the arsenal used by the cyber threat group, OilRig, and has been linked to other backdoors such as Solar, Shark, Milan, and Marlin. The malwareUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The OilRig Threat Actor is associated with Marlin. OilRig, also known as APT34, Helix Kitten, Cobalt Gypsym, Lyceum, Crambus, or Siamesekitten, is a notorious threat actor linked to numerous malicious activities. The group has been associated with various well-known campaigns such as DarkHydrus, xHunt, SUNBURST, and Decoy Dog, all of which leveragedUnspecified
2
Source Document References
Information about the Marlin Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more