The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Roaming Mantis Wroba.o Android Malware

Feb 3, 2023 1:20:46 PM / by The Hivemind posted in Threat Bulletin, Android, Shaoye, Xloader, Roaming Mantis, DNS, Wroba.o

0 Comments

Related Families: Wroba.o, Xloader

Executive Summary

Kaspersky SecureList recently reported on a Roaming Mantis campaign using Wroba.o with DNS hijacking to infect routers and Android devices.


Key Takeaways

Read More

Hook Android Banking Trojan

Jan 31, 2023 12:25:40 PM / by The Hivemind posted in Threat Bulletin, Banking, Android, RAT, Trojan, Hook, Ermac, DukeEugene

0 Comments

Related Families: Ermac
Verticals Targeted:
Financial

Executive Summary

Threat Fabric recently reported on Hook, an Android banking trojan that is a fork of Ermac.

Read More

Malicious Lolip0p PyPI Packages Drop Wacatac

Jan 27, 2023 2:58:20 PM / by The Hivemind posted in Threat Bulletin, PyPI, Supply Chain Attack, Lolip0p, Wacatac

0 Comments

Related Families: Wacatac

Executive Summary

Fortinet recently reported on a supply chain attack in which threat actors leveraged a 0-day attack embedded in three PyPI packages to deliver Wacatac.

Read More

Fake Cracked Software Sites Delivering Stealers

Jan 24, 2023 11:02:41 AM / by PolySwarm Tech Team posted in Threat Bulletin, Stealer, Infostealer, Racoon

0 Comments

Related Families: Raccoon, Vidar

Executive Summary

Sekoia recently reported on a campaign leveraging fake cracked software sites to deliver information stealers, including Raccoon and Vidar.

Read More

Recent Turla Activity Targeting Ukraine

Jan 19, 2023 12:39:38 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Venomous Bear, Andromeda, Kopiluwak, Turla, QuietCanary

0 Comments

Related Families: Andromeda, Kopiluwak, QuietCanary

Executive Summary

Mandiant recently reported on a Turla campaign targeting Ukraine. The threat actors used multiple malware families in this campaign, including Kopiluwak, QuietCanary, and Andromeda.

Read More

Consulate Health Ransomware attack

Jan 18, 2023 2:35:50 PM / by The Hivemind posted in Malware, Ransomware, Hive, Cybercriminals

0 Comments



Ransomware attacks have become a major concern for businesses and organizations in recent years, with devastating consequences for those who fall victim. The Hive ransomware gang, which recently targeted Consulate Health Care, is one example of cybercriminals constructing sophisticated and ruthless tactics to steal sensitive data and extort money from their victims. But how can you protect yourself from these kinds of attacks in the future?

One solution is PolySwarm. Our platform uses advanced threat intelligence to stop ransomware attacks before they happen.

PolySwarm is a next-generation malware intelligence marketplace that connects businesses with a network of security experts and threat intelligence providers. Our platform can detect and analyze malware in real-time using cutting-edge technology, identifying potential threats before they can strike. This is achieved through our proprietary threat-scoring algorithm, PolyScore, which rates the probability that a given file contains malware. It weights engines’ determinations based on previous performance, history with similar file confidence levels, and other indicators.

One of the key features of PolySwarm is our ability to detect unknown or zero-day threats. These threats have yet to become known to the cybersecurity community and can be missed by traditional security solutions. However, PolySwarm's network of experts identifies these threats by analyzing the behavior of the malware rather than relying on signature-based detection methods.

In the case of the Hive ransomware gang attack and others like it, PolySwarm can detect the incident early on, allowing organizations to act before costly data is stolen. Receiving early alerts is the key to allowing your organization to take action and prevent theft.

Another benefit of PolySwarm is its ability to provide businesses with actionable intelligence. Once a threat has been identified, our platform can provide a detailed analysis of the malware, including information on its origins, targets, and potential consequences. This information can be used to improve an organization's overall security protocols, as well as to inform incident response and recovery teams.

Ransomware attacks are a serious and growing threat to businesses and organizations. The Hive ransomware gang is just one example of the devastating consequences of such attacks. However, by using advanced threat intelligence platforms like PolySwarm, organizations can protect themselves from future ransomware attacks and mitigate the damage caused by those that do occur.


Don’t have a PolySwarm account? Go here to sign up for a free Community plan or to subscribe.

Contact us at hivemind@polyswarm.io | Check out our blog | Subscribe to our reports

Read More

2023 Malware to Watch

Jan 17, 2023 1:31:56 PM / by The Hivemind posted in Threat Bulletin, Malware, 2023, Threat Landscape

0 Comments



Executive Summary

This threat bulletin features PolySwarm’s top malware to watch in 2023, as chosen by our analysts.

Read More

PolySwarm's 2023 Analyst Predictions

Jan 12, 2023 12:57:24 PM / by PolySwarm Tech Team posted in Threat Bulletin, Malware, 2023, Predictions, Threat Landscape

0 Comments



Executive Summary

This threat bulletin features PolySwarm analysts’ predictions for the 2023 threat landscape.


Key Takeaways

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts