Shark

Malware Profile Updated 2 months ago
Download STIX
Preview STIX
Shark is a type of malware, or malicious software, that was deployed by the cyber group OilRig. In 2021, OilRig updated its DanBot backdoor and began deploying the Shark, Milan, and Marlin backdoors, as highlighted in the T3 2021 issue of the ESET Threat Report. This harmful program can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Throughout 2022, a recurring pattern was observed where new downloaders were deployed in the networks of previous OilRig targets. For instance, between June and August 2022, the OilBooster, SC5k v1, SC5k v2 downloaders, and the Shark backdoor were all detected in the network of a local governmental organization in Israel. The Shark backdoor, along with other OilRig backdoors like Solar, ALMA, DanBot, and Milan, use URIs with simple upload and download schemes to communicate with the C&C server, with a "d" for download and a "u" for upload. In addition to the cybersecurity threats, the term "Shark" also appears in different contexts. The Shark Tank bust refers to a rare dating app that has received positive feedback on Reddit. Moreover, Surf Shark is a virtual private network (VPN) recommended for obscuring your IP address and providing encryption. It's important to note that these uses of "Shark" are unrelated to the Shark malware deployed by OilRig.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
DanBot
2
DanBot is a malicious software (malware) written in C# using .NET Framework 2.0 that provides basic remote access capabilities. It was identified as part of the arsenal used by the cyber threat group, OilRig, and has been linked to other backdoors such as Solar, Shark, Milan, and Marlin. The malware
Marlin
2
Marlin is a type of malware, or malicious software, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Marlin can steal personal information, disrupt operations, or even hold data
Milan
2
Milan is a type of malware that was part of an array of backdoors deployed by the cyber threat group OilRig in 2021. Other backdoors used by this group include Shark, DanBot, and Marlin. The Milan malware, like other backdoors used by OilRig, employs simple upload and download schemes for communicat
Kimsuky
1
Kimsuky, a threat actor linked to North Korea, has been identified as the perpetrator behind a series of advanced persistent threat (APT) attacks. The group is known for its malicious activities, which typically involve cyber espionage and targeted attacks on high-profile entities. Recently, Kimsuky
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Sandbox
Windows
Malware
Uk
Payload
Youtube
Rsa
Beacon
Scam
Governments
Eset
Scams
Vpn
Expressvpn
Encryption
Education
University
Government
Amazon
Health
Worm
Downloader
China
Japan
Talos
Reddit
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Sc5kUnspecified
3
SC5k is a malware developed by OilRig, first discovered in November 2021 during the group's Outer Space campaign. This malicious software acts as a vehicle to deploy a downloader called SampleCheck5000 (SC5k), which utilizes the Office Exchange Web Services (EWS) API to download additional tools for
AresloaderUnspecified
1
AresLoader is a type of malware that was first advertised for sale on the top-tier Russian-language hacking forum XSS in December 2022 by a threat actor named "DarkBLUP". This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emai
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
OilRigUnspecified
2
OilRig is a well-known threat actor in the cybersecurity landscape, notorious for its sophisticated attacks on various targets, including Middle Eastern telecommunications organizations and Israel's critical infrastructure sector. This entity has been linked to several high-profile campaigns such as
LyceumUnspecified
1
Lyceum, also known as DEV-0133 and potentially linked to the OilRig group (aka APT34, Helix Kitten, Cobalt Gypsym, Crambus, or Siamesekitten), is a threat actor believed to be a Farsi-speaking entity active since 2018. It is suspected to be a subordinate element within Iran's Ministry of Intelligenc
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
OilboosterUnspecified
1
None
Source Document References
Information about the Shark Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
4 months ago
A call for digital-privacy regulation 'with teeth' at the federal level
CERT-EU
6 months ago
The 23 best '90s movies on Max for a totally rad night in
CERT-EU
6 months ago
Growing number of sharks being killed despite global regulatory changes: study
CERT-EU
6 months ago
Cheap .cloud domains and Shark Tank fuel unhealthy scams
CERT-EU
6 months ago
Cheap .cloud domains and Shark Tank fuel unhealthy scams
CERT-EU
6 months ago
Netcraft Report Surfaces Spike in Online Healthcare Product Scams
CERT-EU
6 months ago
New Year, New Scams - Health product scam campaigns abusing cheap TLDs | Netcraft
CERT-EU
6 months ago
The Beekeeper review: An amusingly bad Jason Statham action movie | Digital Trends
CERT-EU
6 months ago
Can 'house hacking' help Gen Z afford homeownership? | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
7 months ago
‘Hacking’ solutions: Teams in Cooper competition are working on ways to help different communities through technology | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
7 months ago
George Santos traded a $174K congressional salary for a six-figure career on Cameo. The app’s CEO says it’s one of ‘the best launches we’ve ever had’
ESET
7 months ago
OilRig’s persistent attacks using cloud service-powered downloaders
DARKReading
7 months ago
Iran-Linked 'OilRig' Cyberattackers Target Israel's Critical Infrastructure, Over & Over
Flashpoint
a year ago
No title
CERT-EU
8 months ago
Funding for local cybersecurity efforts is insufficient, survey says
CERT-EU
8 months ago
University of Tulsa sponsors $25,000 business pitch competition
CERT-EU
8 months ago
Cybersecurity budgets in local governments deemed lacking
CERT-EU
8 months ago
Probe of school surveillance software finds privacy abuses, inaccurate results
CERT-EU
10 months ago
OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes
CERT-EU
10 months ago
Shark Tank fame, billionaire investor Mark Cuban loses $870K in crypto scam