Milan

Malware Profile Updated 5 days ago

Download STIX

Preview STIX

Milan is a malicious software, or malware, that was notably deployed by the cyber group OilRig in 2021. The group updated its DanBot backdoor and began deploying multiple backdoors including Shark, Milan, and Marlin. These backdoors were mentioned in the T3 2021 issue of the ESET Threat Report. Similarities were observed between the Solar backdoor and the backdoors used in Out to Sea, particularly with respect to upload and download schemes. Both Solar and Shark, another OilRig backdoor, along with Milan, use URIs with simple upload ("u") and download ("d") schemes to communicate with the Command & Control server. In 2022, Milan suffered from an extensive number of Distributed Denial of Service (DDoS) attacks, receiving the most such attacks in Italy. Over 5,000 DDoS attacks were reported, disrupting operations and causing significant downtime. This has highlighted the importance of having physical locations for Security Operations Centers (SOCs), as stressed by Milan Patel, BlueVoyant’s global head of managed detection and response (MDR). The impact of the Milan malware extended to various sectors, including the restaurant industry. A worker at a Milan restaurant reported that their system was offline for several hours due to a suspected attack, requiring technical assistance to restore operations. Following the outage, some McDonald’s restaurants, including those in Bangkok and Milan, were able to resume normal operations. These incidents underscore the pervasive threat posed by malware like Milan and the need for robust cybersecurity measures across industries.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Shark	2	Shark is a type of malware, or malicious software, that was deployed by the cyber group OilRig. In 2021, OilRig updated its DanBot backdoor and began deploying the Shark, Milan, and Marlin backdoors, as highlighted in the T3 2021 issue of the ESET Threat Report. This harmful program can infiltrate s
DanBot	2	DanBot is a malicious software (malware) written in C# using .NET Framework 2.0 that provides basic remote access capabilities. It was identified as part of the arsenal used by the cyber threat group, OilRig, and has been linked to other backdoors such as Solar, Shark, Milan, and Marlin. The malware
Marlin	1	Marlin is a type of malware, or malicious software, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Marlin can steal personal information, disrupt operations, or even hold data
Sc5k	1	SC5k is a malware developed by OilRig, first discovered in November 2021 during the group's Outer Space campaign. This malicious software acts as a vehicle to deploy a downloader called SampleCheck5000 (SC5k), which utilizes the Office Exchange Web Services (EWS) API to download additional tools for

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Backdoor

Bitcoin

Rat

Beacon

Italy

Ukraine

Russia

Fraud

European

Aws

Banking

Financial

Ransom

amd

Social Media

Capita

Ddos

Downloader

Microsoft

Malware

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Conti	Unspecified	2	Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
OilRig	Unspecified	1	OilRig is a well-known threat actor in the cybersecurity landscape, notorious for its sophisticated attacks on various targets, including Middle Eastern telecommunications organizations and Israel's critical infrastructure sector. This entity has been linked to several high-profile campaigns such as
Medusa	Unspecified	1	Medusa, a threat actor group, has been identified as a rising menace in the cybersecurity landscape, with its ransomware activities escalating significantly. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability known as Citrix Bleed (CVE-2023
Lyceum	Unspecified	1	Lyceum, also known as DEV-0133 and potentially linked to the OilRig group (aka APT34, Helix Kitten, Cobalt Gypsym, Crambus, or Siamesekitten), is a threat actor believed to be a Farsi-speaking entity active since 2018. It is suspected to be a subordinate element within Iran's Ministry of Intelligenc

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Assault	Unspecified	1	The term "assault" in this context refers to a variety of aggressive actions, ranging from cyber attacks to physical violence. One significant event occurred on October 7, 2023, when Hamas launched a coordinated cross-border assault on Israel, marking the official start of the Israel-Hamas War. This

Source Document References

Information about the Milan Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
DARKReading	5 days ago	Chinese Crime Ring Hides Behind Stealth Tech and Soccer
InfoSecurity-magazine	3 months ago	Leeds Talent Pool Attracts BlueVoyant’s First UK SOC
CERT-EU	4 months ago	McDonald's system outages reported in Europe and worldwide
CERT-EU	4 months ago	McDonald's apologizes for global system outage that shut down some stores for hours
CERT-EU	4 months ago	French Government Suffers Severe Cyber Attacks
CERT-EU	4 months ago	McDonald’s suffers worldwide outage
CERT-EU	4 months ago	LatAm firms ramping up cybersecurity investments as they come into criminals' crosshairs \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	5 months ago	Apple rolls out quantum-resistant cryptography for iMessage
CERT-EU	6 months ago	82% of India's stock brokers set to invest in cybersecurity for enhanced business resilience \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	7 months ago	Flared jeans and poppy red: Here are 2024’s biggest style trends
CERT-EU	7 months ago	New Generative AI Tools Coming In 2024
CERT-EU	8 months ago	Capita scores 10 year pension contract – Channel EYE
CERT-EU	8 months ago	BlueVoyant joins Microsoft's Security Copilot Design Advisory Council
CERT-EU	8 months ago	Techrights — Links 19/11/2023: More Trouble in Microsoft's 'Open'AI and Amazon's Listening Devices
CERT-EU	8 months ago	To host AMLA, Rome needs to do more than just tackling financial crime
CERT-EU	8 months ago	AMD SEV OMG: Trusted execution undone by cache meddling
CERT-EU	9 months ago	AWS Digital Sovereignty Pledge: Announcing a new, independent sovereign cloud in Europe
CERT-EU	9 months ago	Amazon Rolls Out Independent Cloud for Europe to Address Stricter Privacy Standards
CERT-EU	9 months ago	Amazon rolls out new independent cloud for Europe
CERT-EU	9 months ago	AWS European Sovereign Cloud allows customers to keep all metadata in the EU - Help Net Security