Shark

Malware updated 23 days ago (2024-11-29T14:52:31.204Z)
Download STIX
Preview STIX
Shark is a malicious software (malware) deployed by the cyber threat group known as OilRig. In 2021, OilRig updated its DanBot backdoor and began deploying multiple new backdoors including Shark, Milan, and Marlin, as reported in the T3 2021 issue of the ESET Threat Report. This malware can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can compromise personal information, disrupt operations, or even hold data hostage for ransom. Throughout 2022, the same pattern was observed on multiple occasions with new downloaders being deployed in the networks of previous OilRig targets. For example, between June and August 2022, the OilBooster, SC5k v1, and SC5k v2 downloaders and the Shark backdoor were all detected in the network of a local governmental organization in Israel. Both the Solar and Shark backdoors use URIs with simple upload and download schemes to communicate with the C&C server, indicating a clear overlap in tools and targeting used by OilRig. In a different context, the term "Shark" has been associated with a successful "Shark Tank"-style competition, where each finalist makes a presentation and then answers questions from a panel. This event allows cybersecurity companies to demonstrate their technology and discuss case studies with existing customers. The use of a virtual private network (VPN) like Surf Shark or ExpressVPN is recommended for enhanced privacy and encryption during these events.
Description last updated: 2024-10-17T11:43:26.109Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Milan is a possible alias for Shark. Milan is a malicious software, or malware, that has been linked to the OilRig cyber-espionage group. The malware was updated and deployed alongside other backdoors such as Shark, DanBot, and Marlin in 2021. Milan shares similar communication schemes with other OilRig backdoors, notably using URIs wi
2
DanBot is a possible alias for Shark. DanBot is a malicious software (malware) written in C# using .NET Framework 2.0 that provides basic remote access capabilities. It was identified as part of the arsenal used by the cyber threat group, OilRig, and has been linked to other backdoors such as Solar, Shark, Milan, and Marlin. The malware
2
Marlin is a possible alias for Shark. Marlin is a type of malware, or malicious software, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Marlin can steal personal information, disrupt operations, or even hold data
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Sandbox
Windows
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Sc5k Malware is associated with Shark. SC5k is a malware developed by OilRig, first discovered in November 2021 during the group's Outer Space campaign. This malicious software acts as a vehicle to deploy a downloader called SampleCheck5000 (SC5k), which utilizes the Office Exchange Web Services (EWS) API to download additional tools forUnspecified
3
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The OilRig Threat Actor is associated with Shark. OilRig, also known as APT34, Earth Simnavaz, Evasive Serpens, and other names, is a well-known threat actor in the cybersecurity industry. This group has been particularly active in targeting entities in the Middle East, including critical infrastructure and telecommunications organizations. One of Unspecified
2
Source Document References
Information about the Shark Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
BankInfoSecurity
3 months ago
DARKReading
4 months ago
DARKReading
4 months ago
Trend Micro
4 months ago
DARKReading
5 months ago
DARKReading
5 months ago
CERT-EU
9 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
ESET
a year ago
DARKReading
a year ago
Flashpoint
2 years ago