The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Rhysida On The Rampage

C3RB3R Exploiting CVE-2023-22518

SecuriDropper Android Malware

New MOVEit Activity

BiBi-Linux Wiper

MOIS Affiliated Threat Actor Using Liontail Framework

Stayin Alive Campaign Targets Telecoms and Government Entities in Asia

Akira Ransomware

Qakbot Threat Actors Distributing Ransom Knight And Remcos

Mirai IZ1H9

Stealth Falcon's Deadglyph Backdoor

New BBTok Variant

ShroudedSnooper Targeting Telecommunications in the Middle East

Earth Lusca's SprySOCKS Linux Backdoor

ALPHV Hacks MGM Grand

Charming Kitten Using Sponsor Backdoor

Mallox Ransomware

BadBazaar Spyware Variants Delivered Via Trojanized Android Apps

Carderbee Targets Hong Kong in Supply Chain Attack

UNC4841 Targeting Government Entities with Barracuda ESG 0day

New XLoader Variant Disguised as Signed App

Go-Based Proxy Targets Windows and Mac Systems

Cuba Ransomware Used Veeam Vulnerability (CVE-2023-27532)

Monti Ransomware Linux Variant

DroxiDat Targets African Power Company

Rhysida and LockBit Observed Targeting the Healthcare Vertical

Ransomware Threats to the Healthcare Vertical

Realst MacOS Infostealer

SpyNote Targets Utility Company Customers

Wicked Panda Using WyrmSpy and DragonEgg Android Spyware

The Evolution of BPFDoor

Fin8 Using Sardonic Backdoor

Vixen Panda's Graphican Backdoor

CVE-2022-31199 Used in Truebot Attacks

Anatsa Android Banking Trojan

Condi DDoS Botnet

DcRAT Distributed Via Adult Content Themed Lures

Cadet Blizzard

Asylum Ambuscade

Cl0p Reportedly Using MOVEit 0day (CVE-2023-34362)

BlackSuit Ransomware

Volt Typhoon Targets US Critical Infrastructure

BlackByte NT

Geacon - Cobalt Strike for MacOS

RedStinger Targets Critical Infrastructure

Winnti Subgroup Earth Longzhi Uses New TTPs

Reaper Uses New TTPs to Drop RokRAT

BlueNoroff's RustBucket MacOS Malware

PingPull Linux Variant

Tomiris Targets Central Asia in Espionage Campaign

Mint Sandstorm Targets US Critical Infrastructure

Goldoson Android Adware

LockBit MacOS Variant

Iranian Threat Actors Target Hybrid Environment

Rorschach Ransomware

Bitter APT Campaign Targets Energy Sector

MacStealer Targeting MacOS Devices

Nexus Android Banking Trojan

Trigonia Ransomware

CatB Ransomware

YoroTrooper Targeting Energy & Government Entities

Cyberstanc promoted to Arbiter in the PolySwarm Marketplace

Exfiltrator-22 Framework

IceFire Ransomware Linux Variant

SysUpdate Linux Variant

BlackLotus UEFI Bootkit

Parallax RAT Targeting Crypto

Royal Ransomware Linux Variant

Cl0p Linux Variant

MortalKombat Ransomware Used in Recent Campaign

ESXiArgs Ransomware

Pro-Palestine Group Targets Israeli Chemical Sector

Emotet’s New TTPs

Mimic Ransomware

Roaming Mantis Wroba.o Android Malware

Hook Android Banking Trojan

Malicious Lolip0p PyPI Packages Drop Wacatac

Fake Cracked Software Sites Delivering Stealers

Recent Turla Activity Targeting Ukraine

Consulate Health Ransomware Attack

2023 Malware to Watch

PolySwarm's 2023 Analyst Predictions

Godfather Android Banking Trojan

PolySwarm 2022 Recap - Threat Actor Activity Highlights: Russia

PolySwarm 2022 Recap - Threat Actor Activity Highlights: China

PolySwarm 2022 Recap - Threat Actor Activity Highlights: North Korea

PolySwarm 2022 Recap - Threat Actor Activity Highlights: Iran

PolySwarm 2022 Recap - War of the Wipers

PolySwarm 2022 Recap - Threats to the Gaming Industry

2022 Recap - Mobile Malware Threat Landscape

W4SP Infostealer

Royal Ransomware

Malware Leverages CAPTCHA to Bypass Browser Warning

Phishing and Android Malware Campaign Targets Indian Banks

Azov Ransomware Built to Wipe Data

Recent Threats to the Healthcare Vertical

Android Droppers on Google Play Store Distribute Banking Trojans

Winnti Targets Hong Kong With Spyder Loader

Prestige Ransomware

SideWinder WarHawk Backdoor

Cyber Threats to Aviation and Aerospace

Earth Aughisky's Malware Arsenal

Emotet Observed Using New TTPs

RatMilad Android Spyware

Harly Android Trojan Subscriber

North Korean Threat Actors Living Off the Land

NullMixer Drops Multiple Malware Families

SideWalk Linux Variant

Deadbolt Ransomware

BianLian Ransomware

New Armageddon Activity Targets Ukraine

Kimsuky GoldDragon C2 Cluster

Shikitega Linux Malware

DarkAngels Linux Ransomware

Charming Kitten Hyperscrape Tool

Agenda Ransomware

Lightning Framework

Bumblebee Loader

RapperBot Targets IoT

Mars Stealer Malware Targeting Crypto

Woody RAT Targets Russia

Manjusaka Framework

Luca Stealer

Lilith Ransomware

Raspberry Robin

PennyWise Infostealer Targets Crypto and Browsers

APT 29 Using Brute Ratel

Recent Ransomware Threats to Healthcare

HavanaCrypt Distributed Via Fake Google Software Update

LockBit 3.0

New Hive Ransomware Rust Variant

SessionManager Targets Governments and NGOs

Black Basta Ransomware

Cerber2021 Targets Windows and Linux

PingPull Targets Telecom, Government, and Financial Verticals

Lyceum .NET DNS Backdoor “DnsSystem”

Symbiote Linux Malware

Pymafka Targets macOS, Windows, Linux

Enemybot IoT Malware

Follina MSDT Vulnerability (CVE-2022-30190)

PolySwarm's New Hunt Functionality

New ArguePatch Variant Spotted

Cryware Targets Crypto Wallets

Space Pirates Target Russian Aerospace

BPFDoor Targets Linux Systems

Armageddon Leverages New Pterodo Variants

Lazarus Group Targets Crypto With TraderTraitor

IcedID and Zimbra Exploits Target Ukrainian Government Entities

Denonia Cryptominer Targets AWS Lambda

Industroyer2 Targets Ukrainian Energy Company

Borat RAT - A Triple Threat

AcidRain Wiper

Serpent Backdoor

BlackCat Ransomware

Surtr Ransomware

Nokoyawa Ransomware

AvosLocker Ransomware

Muddy Water Uses SloughRAT in Recent Campaigns

RedLine Stealer Delivered Via Fake Windows 11 Update

Jester Stealer

HermeticWiper & IsaacWiper Target Ukraine

Daxin Backdoor

Sugar Ransomware Targets Individuals Instead of Enterprises

BlackByte Ransomware Targets Critical Infrastructure

Wicked Panda’s ShadowPad RAT

Russian Websites Down As Russia Fears Critical Infrastructure Attacks

DDoS Attacks and New Wiper Malware Target Ukraine

Mythic Leopard Uses CapraRAT to Target Indian Government Officials

PolySwarm Threat Bulletin: US and European Banks Fear Russian Cyber Attack

PolySwarm Threat Bulletin: Molerats NimbleMamba Espionage Campaign Targeting MENA Countries

PolySwarm Threat Bulletin: Lazarus APT’s LolZarus Campaign Targets Defense Contractor

PolySwarm Threat Bulletin: Armageddon Activity Targeting Ukraine

Russia-Ukraine Conflict and Cyberwar Implications

NectarNet - NCT Token Rewards for Cyber Security Data

SecondWrite joins the PolySwarm marketplace

Emotet Banking Trojan Back in Action

QiAnXin joins the PolySwarm marketplace

Why a New Engine Creation and Management Architecture?

Security Telemetry: New utility use for Nectar (NCT)

SentinelOne joins the PolySwarm marketplace

Kaspersky joins PolySwarm’s marketplace as an arbiter

Progress to date and key milestones ahead

How to buy PolySwarm Nectar using Uniswap

Notice of coming changes for Engine developers

Inlyse joins the PolySwarm threat intelligence marketplace

Cyberstanc joins the PolySwarm threat intelligence marketplace

Initial Technical Analysis of EventBot Versions -

PolyScore™, the most advanced threat-scoring algorithm for malware

TeamT5's ThreatVision APT detection engine joins PolySwarm's marketplace

Join PolySwarm and Pacific Hackers Meetup for a digital event

PolySwarm now integrated with leading SOAR platform ThreatConnect
