The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

NullMixer Drops Multiple Malware Families

Oct 6, 2022 11:55:06 AM / by PolySwarm Tech Team posted in Threat Bulletin, RedLine Stealer, NullMixer, Satacom, Dropper, SmokeLoader, PseudoManuscrypt, ColdStealer, FormatLoader, CsdiMonetize, Disbuk, Fabookie, DanaBot, Racealer, Generic.ClipBanker, SgnitLoader, ShortLoader, Downloader.INNO, LgoogLoader, Downloader.Bitser, C-Joker, PrivateLoader, GCleaner, Vidar

0 Comments

Related Families: SmokeLoader, RedLine Stealer, PseudoManuscrypt, ColdStealer, FormatLoader, CsdiMonetize, Disbuk, Fabookie, DanaBot, Racealer, Generic.ClipBanker, SgnitLoader, ShortLoader, Downloader.INNO, LgoogLoader, Downloader.Bitser, C-Joker, PrivateLoader, Satacom, GCleaner, Vidar

Verticals Targeted: Multiple

Executive Summary

Kaspersky recently reported on NullMixer, a dropper used to drop a myriad of malware families, including SmokeLoader, RedLine Stealer, PseudoManuscrypt, ColdStealer, FormatLoader, CsdiMonetize, Disbuk, Fabookie, DanaBot, Racealer, Generic.ClipBanker, SgnitLoader, ShortLoader, Downloader.INNO, LgoogLoader, Downloader.Bitser, C-Joker, PrivateLoader, Satacom, GCleaner, and Vidar. 

Read More

SideWalk Linux Variant

Oct 3, 2022 12:59:17 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Backdoor, SparklingGoblin, SideWalk

0 Comments

Related Families: Specter RAT, SideWalk (Windows)
Verticals Targeted: Education

Executive Summary

ESET recently reported on a SideWalk Linux variant. SideWalk is a backdoor used by the SparklingGoblin threat actor group.

Read More

Deadbolt Ransomware

Sep 29, 2022 11:22:49 AM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, QNAP, Deadbolt

0 Comments

Executive Summary

Sophos recently reported on Deadbolt ransomware, a malware family targeting QNAP devices. QNAP released an advisory on the affected products. 

Read More

BianLian Ransomware

Sep 26, 2022 1:05:33 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, BianLian

0 Comments


Verticals Targeted: Professional Services, Media and Entertainment, Manufacturing, Healthcare, Energy and Utilities, Education, Financial

Executive Summary

Cyble recently reported on BianLian, a new ransomware variant written in Go. It has been used to target multiple verticals.

Read More

New Armageddon Activity Targets Ukraine

Sep 22, 2022 9:45:11 AM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Infostealer, Armageddon, Gameredon, Primitive Bear, Shuckworm

0 Comments



Executive Summary

Cisco Talos researchers recently reported on new activity perpetrated by Russian nexus threat actor group Armageddon. The group is using a new infostealer to target entities in Ukraine.

Key Takeaways

Read More

Kimsuky GoldDragon C2 Cluster

Sep 19, 2022 11:06:44 AM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, North Korea, Kimsuky, GoldDragon

0 Comments

Verticals Targeted: Think Tanks, Media, Government

Executive Summary

In early 2022, the North Korean threat actor group Kimsuky targeted a South Korean think tank and media entities. In this campaign, they leveraged what is known as the GoldDragon backdoor and associated C2 cluster.

Key Takeaways

Read More

Shikitega Linux Malware

Sep 15, 2022 10:51:05 AM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Shikitega, CVE-2021-4034, CVE-2021-3493

0 Comments



Executive Summary

In our 2021 Year in Review, we predicted a rise in Linux malware for 2022. AT&T Alien Labs recently reported on Shikitega, a new Linux malware with stealth capabilities.

Key Takeaways

Read More

DarkAngels Linux Ransomware

Sep 12, 2022 10:45:13 AM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, Linux, DarkAngels

0 Comments

Related families: Babuk

Executive Summary

Uptycs recently reported on a new DarkAngels Linux ransomware variant that appears to still be in development.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More