The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Cyberstance promoted to Arbiter in the PolySwarm Marketplace

Mar 22, 2023 12:46:51 PM / by PolySwarm Tech Team posted in Partner, Engine, Arbiter

0 Comments



“We are excited to promote Cyberstanc as the next Arbiter in the PolySwarm Marketplace. The Cyberstanc Engine has proven itself in the PolySwarm Marketplace to be reliable and accurate for the past 2.5 years. Their unique malware detection and threat intelligence insights will continue to support PolySwarm’s crowdsourced ecosystem of innovative anti-malware engines in their fight against malware.” - Steve Bassi, CEO of PolySwarm.

AI-driven cybersecurity company, Cyberstanc’s Engine joined PolySwarm’s Marketplace on Oct 29, 2020. Since then, their threat detection engine has proven to accurately and reliably detect malware. And as a result, they have earned the role of Arbiter. Cyberstanc’s new role within the platform will be to arbitrate on engine determinations to establish ‘ground truth,’ which means making a final decision on the maliciousness of submitted samples 2 to 3 weeks after first being scanned.

As pioneers in malware detection and mitigation strategies, our partnership with PolySwarm has led to a more secure digital world. Our exceptional capabilities in detecting and preventing malicious attacks as an arbiter ensure a collaborative ecosystem for malware analysis. Our reliable threat detection engine enables us to make final decisions on tracking APT groups and detecting new malware, providing customers with a rapid response to new and evasive threats.- Rohit Bankoti, Cyberstanc Founder and COO.

About Cyberstanc

Cyberstanc is a product-based company in the field of cybersecurity that provides managed security services. Cyberstanc continues to work to address some of the biggest security challenges, with constant innovations and the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. Cyberstanc specializes in the safe simulation of cyber-attacks, threats, tactics, and procedures with cutting-edge technology. Learn more at www.cyberstanc.com.

About PolySwarm

Staying ahead of emerging malware threats is the best way to protect your business. Yet the increasing magnitude and sophistication of malware attacks is an ongoing challenge. By tapping into PolySwarm’s next-generation malware intelligence marketplace, you get better insight faster, so you can cut through extraneous, inaccurate data to detect, analyze, and respond to the most critical threats before they can make an impact.

PolySwarm’s first-of-its-kind marketplace focuses on democratizing malware intelligence by using a blockchain backend to compensate both the researcher-based malware engines and ongoing sources of new malware samples. The result of this compensation model is that it enables you to prioritize, focus, and scale your cybersecurity efforts with unprecedented speed and accuracy. For more information, please visit polyswarm.ioor try PolySwarm free at polyswarm.network

Read More

Exfiltrator-22 Framework

Mar 21, 2023 2:09:02 PM / by The Hivemind posted in Threat Bulletin, LockBit, Lockbit 3.0, Exfiltrator-22, EX-22, framework

0 Comments

Related Families: LockBit, LockBit 3.0
Verticals Targeted: Multiple 

Executive Summary

CYFIRMA recently reported on Exfiltrator-22, also known as EX-22, a new post-exploitation framework capable of spreading ransomware while evading detection.

Key Takeaways

  • Exfiltrator-22, also known as EX-22, is a new post-exploitation framework capable of spreading ransomware while evading detection. 
  • Exfiltrator-22, which is a framework-as-a-service, is designed to primarily target corporate networks.
  • Analysts at CYFIRMA have linked Exfiltrator-22 to former LockBit 3.0 affiliates.

Read More

IceFire Ransomware Linux Variant

Mar 17, 2023 2:56:51 PM / by The Hivemind posted in Threat Bulletin, Ransomware, IceFire, CVE-2022-47986

0 Comments

Verticals Targeted: media, entertainment

Executive Summary

Sentinel Labs recently reported on a new Linux variant of IceFire ransomware. The threat actors responsible for IceFire exploit CVE-2022-47986 to deploy the ransomware. 

Read More

SysUpdate Linux Variant

Mar 14, 2023 3:30:50 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, RAT, Trojan, SysUpdate, Iron Tiger, Emissary Panda, APT27

0 Comments

Verticals Targeted: Gambling

Executive Summary

Trend Micro recently reported on a new Linux variant of Emissary Panda’s SysUpdate. SysUpdate is one of Emissary Panda’s custom tools. 

Read More

BlackLotus UEFI Bootkit

Mar 10, 2023 12:13:45 PM / by The Hivemind posted in Threat Bulletin, Windows, UEFI, CVE-2022-21894, BlackLotus, Bootkit, Windows 11, Baton Drop

0 Comments

Executive Summary

BlackLotus is the first known bootkit to bypass UEFI Secure Boot on fully updated Windows 11 systems. It leverages CVE-2022-21894 to bypass UEFI Secure Boot.

Read More

Parallax RAT Targeting Crypto

Mar 7, 2023 11:36:09 AM / by The Hivemind posted in Threat Bulletin, Cryptocurrency, RAT, Parallax, ParallaxRat

0 Comments

Verticals Targeted: Cryptocurrency, DeFi, Finance 

Executive Summary

Uptycs recently reported on activity in which threat actors used Parallax RAT to target entities in the cryptocurrency sector.

Read More

Royal Ransomware Linux Variant

Mar 3, 2023 1:25:10 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Royal

0 Comments

Verticals Targeted: IT, Financial, Materials, Healthcare, Food Production 

Executive Summary

Trend Micro recently reported on a new Linux variant of Royal ransomware that targets Linux systems and  ESXi servers. Royal ransomware is yet another contender among the many ransomware families now targeting Linux systems.

Read More

Cl0p Linux Variant

Feb 28, 2023 12:53:32 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Cl0p

0 Comments

Verticals Targeted: Education, Various

Executive Summary

SentinelLabs recently reported on a newly discovered Linux variant of Cl0p ransomware. The Linux variant is similar to the Windows variant but uses a flawed encryption logic.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts