Shark

Malware updated a month ago (2024-10-17T12:05:07.007Z)
Shark is a malicious software (malware) deployed by the cyber threat group known as OilRig. In 2021, OilRig updated its DanBot backdoor and began deploying multiple new backdoors including Shark, Milan, and Marlin, as reported in the T3 2021 issue of the ESET Threat Report. This malware can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can compromise personal information, disrupt operations, or even hold data hostage for ransom.

Throughout 2022, the same pattern was observed on multiple occasions with new downloaders being deployed in the networks of previous OilRig targets. For example, between June and August 2022, the OilBooster, SC5k v1, and SC5k v2 downloaders and the Shark backdoor were all detected in the network of a local governmental organization in Israel. Both the Solar and Shark backdoors use URIs with simple upload and download schemes to communicate with the C&C server, indicating a clear overlap in tools and targeting used by OilRig.

In a different context, the term "Shark" has been associated with a successful "Shark Tank"-style competition, where each finalist makes a presentation and then answers questions from a panel. This event allows cybersecurity companies to demonstrate their technology and discuss case studies with existing customers. The use of a virtual private network (VPN) like Surfshark or ExpressVPN is recommended for enhanced privacy and encryption during these events.
Description last updated: 2024-10-17T11:43:26.109Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| Alias Description | Votes |
| --- | --- |
| Milan is a possible alias for Shark. Milan is a malicious software, or malware, that has been linked to the OilRig cyber-espionage group. The malware was updated and deployed alongside other backdoors such as Shark, DanBot, and Marlin in 2021. Milan shares similar communication schemes with other OilRig backdoors, notably using URIs wi | 2 |
| DanBot is a possible alias for Shark. DanBot is a malicious software (malware) written in C# using .NET Framework 2.0 that provides basic remote access capabilities. It was identified as part of the arsenal used by the cyber threat group, OilRig, and has been linked to other backdoors such as Solar, Shark, Milan, and Marlin. The malware | 2 |
| Marlin is a possible alias for Shark. Marlin is a type of malware, or malicious software, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Marlin can steal personal information, disrupt operations, or even hold data | 2 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Sandbox
Windows
Associated Malware
| Alias Description | Association Type | Votes |
| --- | --- | --- |
| The Sc5k Malware is associated with Shark. SC5k is a malware developed by OilRig, first discovered in November 2021 during the group's Outer Space campaign. This malicious software acts as a vehicle to deploy a downloader called SampleCheck5000 (SC5k), which utilizes the Office Exchange Web Services (EWS) API to download additional tools for | Unspecified | 3 |
Associated Threat Actors
| Alias Description | Association Type | Votes |
| --- | --- | --- |
| The OilRig Threat Actor is associated with Shark. OilRig, also known as APT34, Earth Simnavaz, Evasive Serpens, and other names, is a well-known threat actor in the cybersecurity industry. This group has been particularly active in targeting entities in the Middle East, including critical infrastructure and telecommunications organizations. One of | Unspecified | 2 |
Source Document References
Information about the Shark Malware was read from the documents corpus below. This display is limited to 20 results.
| Source Link | CreatedAt |
| --- | --- |
| BankInfoSecurity | 2 months ago |
| DARKReading | 3 months ago |
| DARKReading | 3 months ago |
| Trend Micro | 3 months ago |
| DARKReading | 4 months ago |
| DARKReading | 4 months ago |
| CERT-EU | 8 months ago |
| CERT-EU | 10 months ago |
| CERT-EU | 10 months ago |
| CERT-EU | 10 months ago |
| CERT-EU | 10 months ago |
| CERT-EU | 10 months ago |
| CERT-EU | 10 months ago |
| CERT-EU | 10 months ago |
| CERT-EU | 10 months ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| ESET | a year ago |
| DARKReading | a year ago |
| Flashpoint | 2 years ago |