The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

DragonForce Ransomware

Oct 4, 2024 1:05:42 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Lockbit 3.0, Conti, evolving, Emerging, DragonForce

0 Comments

Related Families: LockBit 3.0, Conti
Verticals Targeted: Business Services, Construction, Retail, Telecommunications, Manufacturing, Mining, Government, Healthcare, Transportation, Energy, Software, Education 

Executive Summary

DragonForce is a ransomware as a service (RaaS) that has significantly evolved in the past year, making it a formidable threat.

Read More

Labyrinth Chollima Using Poisoned Python Packages to Deliver PondRAT

Sep 30, 2024 1:49:09 PM / by The Hivemind posted in Threat Bulletin, North Korea, Linux, MacOS, PondRAT, PoolRAT, Labyrinth Chollima

0 Comments

Related Families: PondRAT, PoolRAT
Verticals Targeted: Software Development 

Executive Summary

North Korea nexus threat actor group Labyrinth Chollima was observed using poisoned Python packages to deliver PondRAT, a backdoor that targets MacOS and Linux systems.  

Read More

Vice Society Using INC Ransomware to Target Healthcare Vertical

Sep 27, 2024 4:06:33 PM / by The Hivemind posted in Threat Bulletin, Ransomware, INC, Vice Society

0 Comments

Verticals Targeted: Healthcare

Executive Summary

Vice Society was recently observed using INC ransomware to target entities in the healthcare sector.

Read More

Ajina Android Malware

Sep 23, 2024 2:03:45 PM / by The Hivemind posted in Threat Bulletin, Android, Banker, Ajina

0 Comments

Verticals Targeted: Financial 

Executive Summary

Ajina is an Android banking malware that masquerades as legitimate Android apps in order to steal banking information and intercept 2FA.

Read More

Cicada3301 Ransomware

Sep 20, 2024 11:04:36 AM / by The Hivemind posted in Threat Bulletin, Ransomware, BlackCat, ALPHV, Cicada3301

0 Comments

Related Families: ALPHV/BlackCat
Verticals Targeted: Construction, IT, Legal Services, Retail, Healthcare, Transportation, Telecommunications, Hospitality, Finance, Real Estate, Manufacturing

Executive Summary

Cicada3301 is a new ransomware as a service (RaaS) that uses sophisticated TTPs to target vulnerabilities within network infrastructures to deploy its ransomware attacks.

Read More

New Lumma C2 Variant Leverages PowerShell

Sep 16, 2024 2:58:00 PM / by The Hivemind posted in Threat Bulletin, Infostealer, CAPTCHA, Lumma C2, PowerShell

0 Comments

Executive Summary

A new Lumma C2 variant that leverages PowerShell was recently observed. The new variant’s attack chain masquerades as CAPTCHA and actively exploits PowerShell commands.

Read More

HZ Rat MacOS Variant

Sep 13, 2024 2:19:08 PM / by The Hivemind posted in Threat Bulletin, Backdoor, RAT, MacOS, HZ Rat

0 Comments

Executive Summary

A MacOS variant of HZ Rat was recently discovered targeting messaging apps in China. HZ Rat is a basic backdoor, and shell commands received from the C2 provide additional functionality.

Read More

Voldemort

Sep 9, 2024 12:52:20 PM / by The Hivemind posted in Threat Bulletin, Espionage, Backdoor, Voldemort

0 Comments

Verticals Targeted: Insurance, Aerospace, Transportation, Education, Finance, Technology, Healthcare, Automotive, Hospitality, Energy, Government, Media, Manufacturing, Telecommunications 

Executive Summary

An espionage campaign delivering the Voldemort backdoor was recently observed targeting over 70 organizations. The campaign uses a novel attack chain to deliver the malware, leveraging Google Sheets for command and control (C2).

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts