The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

PolySwarm Tech Team

Find me on:

Recent Posts

BlackByte Ransomware Targets Critical Infrastructure

Mar 1, 2022 2:42:23 PM / by PolySwarm Tech Team posted in Threat Bulletin, Critical Infrastructure, BlackByte, Ransomware

0 Comments


Background

The FBI and US Secret Service released an advisory regarding BlackByte ransomware, which compromised multiple US and foreign businesses, including three entities that are part of US critical infrastructure. These three unnamed entities belonged to the government, financial, and food and agriculture verticals. The threat actors behind BlackByte also claimed they hacked networks belonging to the San Francisco 49ers in mid-February 2022.

Read More

Wicked Panda’s ShadowPad RAT

Feb 28, 2022 2:31:59 PM / by PolySwarm Tech Team posted in Threat Bulletin, APT41, Shadow Pad, China, Winnti, Axiom

0 Comments



Background


Secureworks recently posted research analyzing Wicked Panda’s ShadowPad RAT. Secureworks stated multiple clusters of ShadowPad activity appeared to be linked to PLA theater commands.

Read More

Russian Websites Down As Russia Fears Critical Infrastructure Attacks

Feb 25, 2022 4:06:31 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Critical Infrastructure

0 Comments


PolySwarm Threat Bulletin

THIS THREAT BULLETIN IS PROVIDED FOR SITUATIONAL AWARENESS


Background

This report is part of our ongoing coverage of the Russia-Ukraine conflict and cyber implications.

PolySwarm recently released the following publications and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict:

Read More

DDoS Attacks and New Wiper Malware Target Ukraine

Feb 25, 2022 2:37:21 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Financial, Wiper, Malware, DDoS, Katana, Government, Defense

0 Comments



PolySwarm Threat Bulletin
THIS THREAT BULLETIN IS PROVIDED FOR SITUATIONAL AWARENESS

Background

PolySwarm recently released several publications and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict:

Read More

Mythic Leopard Uses CapraRAT to Target Indian Government Officials

Feb 22, 2022 3:20:55 PM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, India, APT36, Android, Pakistan, Mythic Leopard, CapraRAT

0 Comments

PolySwarm Threat Bulletin


Background


Cyble recently released a deep dive analysis of Mythic Leopard espionage activity leveraging CapraRAT Android spyware. This campaign targeted Indian government officials.

Read More

PolySwarm Threat Bulletin: US and European Banks Fear Russian Cyber Attack

Feb 17, 2022 1:44:35 PM / by PolySwarm Tech Team posted in Russia, Threat Bulletin, US, Europe, Banking, Financial

0 Comments


THIS THREAT BULLETIN IS PROVIDED FOR SITUATIONAL AWARENESS

Background

PolySwarm recently published a Special Report, Threat Bulletin, and blog posts discussing Russia-Ukraine tensions and the potential for both kinetic and cyber conflict. In Russia-Ukraine Conflict and Cyberwar Implications, we discussed political tensions between Russia and Ukraine, past cyber altercations between the two nations, and potential cyber and kinetic implications if the current conflict escalates. In Armageddon Activity Targeting Ukraine, we provided commentary and IOCs for ongoing cyber activity targeting Ukraine, which industry analysts attributed to the Russian state-sponsored threat actor group Armageddon.

Read More

PolySwarm Threat Bulletin: Molerats NimbleMamba Espionage Campaign Targeting MENA Countries

Feb 16, 2022 2:55:24 PM / by PolySwarm Tech Team posted in Threat Bulletin, Middle East, Molerats, Espionage, Gaza, Gaza Cyber Gang, Nimblemamba

0 Comments


Background

Proofpoint recently posted their findings on a Molerats espionage campaign leveraging a new implant dubbed NimbleMamba. In this campaign, Molerats employed a complex attack chain that uses a combination of geofencing and URL redirects to legitimate sites to evade detection. Targets of this campaign included Middle Eastern governments, foreign policy think tanks, and an airline.
Read More

Emotet Banking Trojan Back in Action

Nov 30, 2021 3:25:13 PM / by PolySwarm Tech Team posted in PolySwarm, Threat Bulletin

0 Comments

Verticals Affected: Financial, Various
Victim Location: US, UK, Germany, Canada
Related Malware Families: TrickBot, Ryuk, QakBot, Zloader

A number of threat intelligence companies have recently reported on the return of the Emotet banking trojan. We first saw new variants of Emotet in our marketplace on November 15, 2021, before any industry in-depth analysis reports were released.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts