The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

PolySwarm Team

Find me on:

Recent Posts

PolySwarm Threat Bulletin: Lazarus APT’s LolZarus Campaign Targets Defense Contractor

Feb 14, 2022 11:18:26 AM / by PolySwarm Team posted in Threat Bulletin, Lazarus, LolZarus, APT, North Korea, LoLbins, Defense Vertical

0 Comments



Background

Qualys Threat Research recently reported on a new Lazarus espionage campaign leveraging employment phishing emails to target the defense sector, primarily targeting those applying for a job at Lockheed Martin. The targeting is similar to previous Lazarus campaigns which targeted Northrop Grumman and BAE Systems. Qualys refers to the current campaign as LolZarus due to the threat actor group’s use of LoLbins in some of the samples, which according to Qualys is the first known use of LoLbins by a well-known threat actor group.

Read More

PolySwarm Threat Bulletin: Armageddon Activity Targeting Ukraine

Feb 9, 2022 11:16:05 AM / by PolySwarm Team posted in Ukraine, Russia, Threat Bulletin

0 Comments



Background


Last week we released a report and blog post on the Russia-Ukraine conflict, past cyber altercations between the two nations, and potential cyber implications if the current conflict escalates. In our report, we mentioned historical activity perpetrated by the threat actor group Armageddon. Palo Alto’s Unit 42 recently reported ongoing activity targeting Ukraine, which they attributed to Armageddon, also known in the industry as Gameredon or Primitive Bear. While Unit 42 did not elaborate on the magnitude or implications of these attacks, they did provide a breakdown of Armageddon’s infrastructure.

Read More

Russia-Ukraine Conflict and Cyberwar Implications

Feb 4, 2022 11:40:46 AM / by PolySwarm Team posted in Ukraine, Russia, Special Report

0 Comments

Overview

  • Ongoing political tensions between Russia and Ukraine are at a breaking point, with the US and other NATO nations preparing to assist Ukraine if a military conflict arises.
  • Russia and Ukraine have a long history of state-sponsored cyber conflicts, including both espionage and disruptive attacks.
  • Recent cyber activity targeting Ukraine includes multiple government website defacements and WhisperGate, a wiper malware disguised as ransomware. IOCs for PolySwarm’s samples of WhisperGate are provided.
  • Hacktivists recently attacked Belarus Railway to protest Russian troop transport and demand the release of “political prisoners.” This incident marked the first time hacktivists have leveraged ransomware in pursuit of political objectives.
  • The cyber struggle between Russia and Ukraine has the potential to spill over and have a real-world kinetic impact. Our analysts provide a list of implications.
Read More

NectarNet - NCT Token Rewards for Cyber Security Data

Jan 31, 2022 5:56:00 AM / by PolySwarm Team posted in Insider, Explained, Product

0 Comments

I'm interested in the Beta

Read More

SecondWrite joins the PolySwarm marketplace

Jan 7, 2022 7:24:46 AM / by PolySwarm Team posted in Partner, Engine

0 Comments

“SecondWrite is excited to join Polyswarm’s marketplace as an engine. Our mission is to secure computers and networks using our market-leading technology to detect malware. Polyswarm enables us to reach a large community of users and provides us with additional recent samples for our threat intelligence.” stated Rajeev Barua, CEO of SecondWrite.

Read More

QiAnXin joins the PolySwarm marketplace

Sep 1, 2021 8:30:21 AM / by PolySwarm Team posted in Partner, Engine

0 Comments

"As a unique malware detection and threat intelligence data platform, PolySwarm's crowdsourced model substantially improves the ability to explore, enrich, and mine malware data, which directly benefits the infosec community. Qi An Xin is excited to partner with PolySwarm to continue to innovate” Liejun Wang, Director of Threat Intelligence at QiAnXin.

Read More

Security Telemetry: New utility use for Nectar (NCT)

May 17, 2021 3:05:27 PM / by PolySwarm Team posted in Explained, PolySwarm, Blockchain

0 Comments

Today we introduce a new utility use for PolySwarm’s Nectar token for average users: distributing rewards for security-relevant data about TLS certificates, DNS resolutions, and potentially malicious files encountered in daily computer use. Many of these telemetry sources are already collected from user devices by Antivirus (AV) providers. Still, there are a number of serious issues with how they are collected, how users are compensated for their information, and how these results are shared. By re-imagining how this marketplace works, we can increase collection transparency, fairly compensate all participants in the marketplace, and, most importantly, create a more unified source of security telemetry that will better protect users worldwide.

Read More

SentinelOne joins the PolySwarm marketplace

Apr 8, 2021 12:17:20 PM / by PolySwarm Team posted in Partner, Engine

0 Comments

 

SentinelOne joined PolySwarm’s marketplace, and their threat detection engine is now live. The US-based company, a pioneer in advanced endpoint protection, leverages machine learning designed to identify unknown malware and remediate threats in real-time.  

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts