The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

VooDoo Bear's Kapeka Backdoor Targets Critical Infrastructure

Apr 26, 2024 2:28:37 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, ICS, Energy, VooDoo Bear, Kapeka

0 Comments

Related Families: GreyEnergy, Prestige
Verticals Targeted: Critical Infrastructure

Executive Summary

Kapeka, also known as KnuckleTouch, is a novel backdoor used by VooDoo Bear to target entities in Eastern Europe.

Read More

Cerber Ransomware Linux Variant Exploiting CVE-2023-22518

Apr 22, 2024 2:02:42 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Cerber, CVE-2023-22518, Confluence

0 Comments

Related Families: Effluence

Executive Summary

A Linux variant of Cerber ransomware was observed exploiting CVE-2023-22518, a vulnerability affecting Atlassian Confluence.

Read More

Operation MidnightEclipse Leverages CVE-2024-3400

Apr 19, 2024 12:54:33 PM / by The Hivemind posted in Threat Bulletin, UPSTYLE, Operation MidnightEclipse, CVE-2024-3400

0 Comments

Related Families: UPSTYLE

Executive Summary

Since late March 2024, a threat actor dubbed UTA0218 has been leveraging a zero-day exploit of CVE-2024-3400.

Read More

DarkGate

Apr 15, 2024 3:29:16 PM / by The Hivemind posted in Threat Bulletin, Loader, DarkGate, CVE-2023-36025, CVE-2024-21412

0 Comments

Verticals Targeted: Financial

Executive Summary

DarkGate was observed in early 2024 in a campaign leveraging CVE-2024-21412 to target entities in the financial vertical.

Read More

Latrodectus

Apr 12, 2024 2:32:43 PM / by The Hivemind posted in Threat Bulletin, IcedID, DanaBot, Downloader, Latrodectus, TA577, TA578, IAB, initial access broker

0 Comments

Related Families: IcedID, DanaBot

Executive Summary

Latrodectus is a downloader first seen in the wild in late 2023.  It has been used by threat actors who operate as initial access brokers (IAB).

Read More

INC Ransomware

Apr 8, 2024 2:23:53 PM / by The Hivemind posted in Threat Bulletin, Government, Ransomware, Healthcare, INC

0 Comments

Verticals Targeted: Government, Healthcare

Executive Summary

INC is a relatively new ransomware group that has been active since summer 2023. The group recently claimed responsibility for attacks on Leicester City Council and NHS services in Scotland.

Read More

Vultur Android Malware

Apr 5, 2024 1:49:09 PM / by The Hivemind posted in Threat Bulletin, Android, Brunhilda, Vultur, Mobile, Banker

0 Comments

Related Families: Brunhilda
Verticals Targeted: Financial 

Read More

StrelaStealer Campaign Targeted US and EU

Apr 1, 2024 2:28:11 PM / by The Hivemind posted in Threat Bulletin, Government, Stealer, Energy, Manufacturing, Legal Services, Insurance, Construction, StrelaStealer, Email, Finance

0 Comments

Verticals Targeted: Technology, Finance, Legal Services, Manufacturing, Government, Energy, Insurance, Construction

Executive Summary

StrelaStealer was recently used in a widespread campaign targeting over 100 entities in the US and EU. The newest version of StrelaStealer is more advanced than previous versions and includes features to help thwart analysis.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More