{ "id": "f7b77777-3e1e-4e1a-b909-bd1b598eeecf", "created_at": "2026-04-06T00:09:55.032755Z", "updated_at": "2026-04-10T03:31:51.363985Z", "deleted_at": null, "sha1_hash": "90661840f599985efce87f63c04d6a7de8fe0cca", "title": "Rewterz Threat Alert - MurenShark APT Threat Actors aka Actor210426 - Active IOCs - Rewterz", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 40542, "plain_text": "Rewterz Threat Alert - MurenShark APT Threat Actors aka\r\nActor210426 - Active IOCs - Rewterz\r\nPublished: 2023-02-15 · Archived: 2026-04-02 11:11:48 UTC\r\nSeverity\r\nHigh\r\nAnalysis Summary\r\nIn April 2021, researchers identified a new advanced threat entity, Actor210426, which was later named\r\nMurenShark. MurenShark is an APT group active in the Middle East, primarily targeting Turkey. This group\r\nattacked the Turkish Navy project called “MÜREN” in 2022 and is believed to have shown interest in military\r\nprojects. In addition to this, it has also been discovered that the group has targeted research institutes, universities\r\nand other sensitive targets. This group is known to have rich experience in counter-analysis, reverse traceability\r\nand other forms of cyber espionage. It has also been observed that this group has been known to use attack tools\r\nand methods to avoid easy detection. The group also uses compromised websites as its file server and command\r\nand control (C\u0026C) server, employing split-functionality in order to conceal its activity and extend its reach. It is\r\nalso believed to be using a known attack tool, called NiceRender, to phish victims. \r\nMurenShark has been linked to various cyber espionage campaigns, including the theft of intellectual property and\r\nother sensitive data. The group is known for using a variety of sophisticated tactics, techniques, and procedures\r\n(TTPs) to evade detection and maintain persistence within target networks.\r\nImpact\r\nPenetration Of Targeted Network\r\nKey Data Theft\r\nIntellectual Property Theft\r\nIndicators of Compromise\r\nMD5\r\n059f01038dfc4c084cb3b9c847c8eab9\r\n378ed43137e00a12c3cf013f98c3d653\r\nSHA-256\r\n4c04d38ded8afb34af4617b5ed73db263c64593525ea729423838f5b2e4bd975\r\n505867bd9495f47db05a249280c1c6a5236ba4ffe305645f54db48527fcb74eb\r\nhttps://www.rewterz.com/rewterz-news/rewterz-threat-alert-murenshark-apt-threat-actors-aka-actor210426-active-iocs\r\nPage 1 of 2\n\nSHA-1\r\n6fd230bc18bd8a8f1c4847212050c56e668cdd66\r\n454c3515ee0487c94b4bb4e9f6ebd7b8c2ef192d\r\nRemediation\r\nBlock all threat indicators at your respective controls.\r\nSearch for Indicators of compromise (IOCs) in your environment utilizing your respective security controls\r\nMaintain cyber hygiene by updating your anti-virus software and implementing a patch management\r\nlifecycle.\r\nMaintain Offline Backups\r\nEmails from unknown senders should always be treated with caution.\r\nNever trust or open ” links and attachments received from unknown sources/sender\r\nStrengthen Endpoint security with antivirus software, firewalls, and other security tools that can help detect\r\nand prevent malware infections.\r\nImplement Access Control policies that restrict access to sensitive data and resources can help limit the\r\ndamage of a potential breach.\r\nAssess the organization’s security posture that can help identify vulnerabilities and address them before\r\nthey can be exploited by threat actors like MurenShark.\r\nSource: https://www.rewterz.com/rewterz-news/rewterz-threat-alert-murenshark-apt-threat-actors-aka-actor210426-active-iocs\r\nhttps://www.rewterz.com/rewterz-news/rewterz-threat-alert-murenshark-apt-threat-actors-aka-actor210426-active-iocs\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "references": [ "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-murenshark-apt-threat-actors-aka-actor210426-active-iocs" ], "report_names": [ "rewterz-threat-alert-murenshark-apt-threat-actors-aka-actor210426-active-iocs" ], "threat_actors": [ { "id": "f6a742aa-6f89-4f79-973f-1ee1ce6bf763", "created_at": "2023-11-17T02:00:07.597764Z", "updated_at": "2026-04-10T02:00:03.455973Z", "deleted_at": null, "main_name": "MurenShark", "aliases": [ "Actor210426" ], "source_name": "MISPGALAXY:MurenShark", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434195, "ts_updated_at": 1775791911, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/90661840f599985efce87f63c04d6a7de8fe0cca.pdf", "text": "https://archive.orkl.eu/90661840f599985efce87f63c04d6a7de8fe0cca.txt", "img": "https://archive.orkl.eu/90661840f599985efce87f63c04d6a7de8fe0cca.jpg" } }