The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

PolySwarm Tech Team

Recent Posts

Emotet Banking Trojan Back in Action

Nov 30, 2021 12:25:13 PM / by PolySwarm Tech Team posted in PolySwarm, Research

Verticals Affected: Financial, Various
Victim Location: US, UK, Germany, Canada
Related Malware Families: TrickBot, Ryuk, QakBot, Zloader

A number of threat intelligence companies have recently reported on the return of the Emotet banking trojan. We first saw new variants of Emotet in our marketplace on November 15, 2021, before any industry in-depth analysis reports were released.

Emotet was considered dead after its takedown by law enforcement groups in January 2021. Although leftover samples still existed in the wild, there was no network infrastructure to support them, so they were considered dead and aimless, with no real purpose. We are now seeing a rise of new, never-before-seen Emotet samples in our dataset. This surge of samples from our different sources has been identified and verified by our researchers as Emotet. These samples are currently highlighted in the Discovery section of our portal as first seen in PolySwarm compared to other scanning services.



Previous versions of Emotet were extremely dangerous because they spread quickly, were difficult to detect, and were used by other threat actor groups to install ransomware, stealers, and other malware. It seems the Emotet group is back with a vengeance and will attempt to operate at the level of its former glory. This could result in widespread infection targeting financial institutions, hospitals, and retailers during the holiday season.

The Emotet banking trojan, first seen in the wild in 2014, was once considered the “world’s most dangerous malware.” The threat actors behind Emotet created an elaborate infrastructure, the notorious Emotet malware botnet. Emotet was used as a loader for other cybercriminals. Emotet gained access to organizations, and the unauthorized access was sold to other criminal groups. TrickBot, QakBot, Zloader, and Ryuk threat actors were known to use the Emotet botnet to gain access to targets.

We are currently tracking all new samples and extracting not only host behavior and command and control network channels, but the different botnet IDs associated with them as well. All of this data and information is available in our datasets for enrichment purposes.

PolySwarm engine spotlight: researcher-driven engines detecting new and emergent malware

Mar 30, 2020 10:18:27 AM / by PolySwarm Tech Team posted in PolySwarm, Product, Research, Partner

To put it simply, there are some really cool threat detection technologies on the PolySwarm marketplace. As a recap, here at PolySwarm we aggregate research-driven threat detection engines, both from AV companies and from individual, specialized security experts, that compete in real time to detect threats. Enterprises and individuals using PolySwarm benefit from deeper coverage of the malware landscape and unique threat intelligence from this aggregated network of engines.

PolySwarm Communities: Public vs Private

Mar 2, 2020 1:43:28 PM / by PolySwarm Tech Team posted in PolySwarm, Product

PolySwarm is a threat intelligence marketplace where users upload suspect artifacts (files, URLs, etc.) and receive threat intelligence in return. While legacy multiscanners like VirusTotal offer a similar service, they often neglect the confidentiality needs of malware analysts, researchers, SOC teams and others who want restricted access and/or deeper levels of control over malware-sample sharing.

Video: How to use PolySwarm's free command line interface to get intel on malware

Jan 23, 2020 11:18:09 AM / by PolySwarm Tech Team posted in Explained, Product

Latest samples of ZeroCleare, Iranian state-sponsored malware, available on PolySwarm

Jan 9, 2020 11:09:01 AM / by PolySwarm Tech Team posted in Insider, Explained, PolySwarm, Threat Hunting, Research

Today, PolySwarm, a threat intelligence platform used to detect new and emerging malware, releases information about a new variant of ZeroCleare (a destructive malware attributed to Iran). PolySwarm Community (free) and Enterprise users were able to access the full content of this sample before it appeared on VirusTotal.

Latest Emotet malware samples and IOCs

Nov 26, 2019 2:59:47 PM / by PolySwarm Tech Team

[Updated November 27, 2019]: 

Emotet is a banking Trojan that was first identified by security researchers in 2014. It was originally designed as banking malware that attempted to sneak onto computers and steal sensitive and private information. Over the last several years it has evolved from a basic threat into a customizable, modular package, and it has been seen deploying additional payloads against financial institutions, enterprises, and consumers across the globe.

Ginp banking Trojan actively targeting banks: here's what you need to know, plus free malware samples

Nov 22, 2019 9:11:52 AM / by PolySwarm Tech Team posted in Explained, PolySwarm, Research

Ginp is a banking Trojan that is actively being used to impersonate targeted banking apps. The malware brings up a screen on the victim's phone that mimics the real banking app. The first screen prompts the victim to log in with their credentials; the second screen steals the victim's credit card details.

Free malware sample downloads, now available from PolySwarm

Oct 9, 2019 10:33:37 AM / by PolySwarm Tech Team posted in PolySwarm, Product, Research

PolySwarm users can now download malware samples completely free: sign up for the free “Community” plan and get 10 malware-sample downloads per month.
