Shark

Malware updated 9 days ago (2024-08-29T16:18:04.181Z)

Download STIX

Preview STIX

Shark is a malicious software (malware) developed and deployed by the cybercriminal group OilRig. In 2021, OilRig updated its DanBot backdoor and began deploying Shark, along with Milan and Marlin backdoors as mentioned in the T3 2021 issue of the ESET Threat Report. The malware was designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Once inside a system, it could steal personal information, disrupt operations, or even hold data hostage for ransom. Throughout 2022, the same pattern was observed on multiple occasions, with new downloaders being deployed in the networks of previous OilRig targets. For instance, between June and August 2022, the OilBooster, SC5k v1, and SC5k v2 downloaders, along with the Shark backdoor, were detected within the network of a local governmental organization in Israel. Besides the overlap in tools and targeting, there were multiple similarities between the Solar backdoor and the backdoors used in Out to Sea, mostly related to upload and download schemes to communicate with the Command & Control (C&C) server. The Shark malware has been linked to other cybersecurity threats, including the successful Shark Tank bust. This case involved a dating app that received positive feedback on Reddit, highlighting the broad scope of potential targets for such malicious software. To protect against such threats, it's recommended to use privacy measures like a virtual private network (VPN), such as Surf Shark or ExpressVPN, to obscure IP addresses and provide encryption. Despite these measures, the continuous evolution of cyber threats underlines the need for constant vigilance and updating of security protocols.

Description last updated: 2024-08-29T16:16:53.375Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Milan	2	Milan is a malicious software, or malware, that was notably deployed by the cyber group OilRig in 2021. The group updated its DanBot backdoor and began deploying multiple backdoors including Shark, Milan, and Marlin. These backdoors were mentioned in the T3 2021 issue of the ESET Threat Report. Simi
DanBot	2	DanBot is a malicious software (malware) written in C# using .NET Framework 2.0 that provides basic remote access capabilities. It was identified as part of the arsenal used by the cyber threat group, OilRig, and has been linked to other backdoors such as Solar, Shark, Milan, and Marlin. The malware
Marlin	2	Marlin is a type of malware, or malicious software, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Marlin can steal personal information, disrupt operations, or even hold data

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Backdoor

Sandbox

Windows

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

ID	Type	Votes	Profile Description
Sc5k	Unspecified	3	SC5k is a malware developed by OilRig, first discovered in November 2021 during the group's Outer Space campaign. This malicious software acts as a vehicle to deploy a downloader called SampleCheck5000 (SC5k), which utilizes the Office Exchange Web Services (EWS) API to download additional tools for

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

ID	Type	Votes	Profile Description
OilRig	Unspecified	2	OilRig is a well-known threat actor in the cybersecurity landscape, notorious for its sophisticated attacks on various targets, including Middle Eastern telecommunications organizations and Israel's critical infrastructure sector. This entity has been linked to several high-profile campaigns such as

Source Document References

Information about the Shark Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Trend Micro	9 days ago	AI Pulse: Sticker Shock, Rise of the Agents, Rogue AI
DARKReading	a month ago	Startup Spotlight: Knostic Tackles AI's Oversharing Problem
DARKReading	a month ago	Startup Spotlight: LeakSignal Plugs Leaky Data in Organizations
CERT-EU	6 months ago	A call for digital-privacy regulation 'with teeth' at the federal level
CERT-EU	8 months ago	The 23 best '90s movies on Max for a totally rad night in
CERT-EU	8 months ago	Growing number of sharks being killed despite global regulatory changes: study
CERT-EU	8 months ago	Cheap .cloud domains and Shark Tank fuel unhealthy scams
CERT-EU	8 months ago	Cheap .cloud domains and Shark Tank fuel unhealthy scams
CERT-EU	8 months ago	Netcraft Report Surfaces Spike in Online Healthcare Product Scams
CERT-EU	8 months ago	New Year, New Scams - Health product scam campaigns abusing cheap TLDs \| Netcraft
CERT-EU	8 months ago	The Beekeeper review: An amusingly bad Jason Statham action movie \| Digital Trends
CERT-EU	8 months ago	Can 'house hacking' help Gen Z afford homeownership? \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	8 months ago	‘Hacking’ solutions: Teams in Cooper competition are working on ways to help different communities through technology \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	9 months ago	George Santos traded a $174K congressional salary for a six-figure career on Cameo. The app’s CEO says it’s one of ‘the best launches we’ve ever had’
ESET	9 months ago	OilRig’s persistent attacks using cloud service-powered downloaders
DARKReading	9 months ago	Iran-Linked 'OilRig' Cyberattackers Target Israel's Critical Infrastructure, Over & Over
Flashpoint	a year ago	No title
CERT-EU	9 months ago	Funding for local cybersecurity efforts is insufficient, survey says
CERT-EU	10 months ago	University of Tulsa sponsors $25,000 business pitch competition
CERT-EU	10 months ago	Cybersecurity budgets in local governments deemed lacking