The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

PolySwarm Tech Team

Recent Posts

Cyber Threats to Aviation and Aerospace

Oct 25, 2022 5:02:07 PM / by PolySwarm Tech Team posted in Russia, Threat Bulletin, China, Ransomware, Aerospace, Hacktivism, Aviation, Data Theft, Killnet, Phishing

Executive Summary

The aviation and aerospace verticals face numerous challenges in the form of cyber threats. This report gives an overview of the different threat actor motivations to target aviation and aerospace and the types of threats to these verticals.

Earth Aughisky's Malware Arsenal

Oct 24, 2022 1:58:51 PM / by PolySwarm Tech Team posted in Threat Bulletin, Roudan, GrubbyRAT, Earth Aughisky, Taidoor, LuckDLL, Taikite, SiyBot, Taleret, Serkdes, Buxzop

Related Families: Roudan/Taidoor, LuckDLL, GrubbyRAT, Taikite, SiyBot, Taleret, Serkdes, Buxzop

Verticals Targeted: Government, Technology, Transportation, Telecommunications, Manufacturing, Healthcare, Heavy Industries

Executive Summary

Trend Micro recently reported on Earth Aughisky and the myriad of tools used by this threat actor group.

Emotet Observed Using New TTPs

Oct 20, 2022 11:06:46 AM / by PolySwarm Tech Team posted in Threat Bulletin, Banking, Loader, Trojan, Botnet, Emotet

Related Families: TrickBot, Ryuk, QakBot, Zloader, Quantum, BlackCat

RatMilad Android Spyware

Oct 17, 2022 11:17:37 AM / by PolySwarm Tech Team posted in Threat Bulletin, Android, Spyware, RatMilad

Executive Summary

Zimperium recently reported on RatMilad, spyware targeting Android devices.

Harly Android Trojan Subscriber

Oct 13, 2022 1:33:22 PM / by PolySwarm Tech Team posted in Threat Bulletin, Android, Harly, Subscriber, Trojan

Related Families: Jocker

Executive Summary

Kaspersky recently reported on Harly, a trojan subscriber targeting Android devices. Harly can subscribe a victim to a paid service without their knowledge or consent.

North Korean Threat Actors Living Off the Land

Oct 11, 2022 12:47:31 PM / by PolySwarm Tech Team posted in Threat Bulletin, Lazarus, North Korea, LoTL, APT 38, Living off the land, ZetaNile, EventHorizon

Related Families: ZetaNile (BlindingCan), EventHorizon

Verticals Targeted: Media, Defense, IT Services, Aerospace

Executive Summary

Microsoft recently reported on North Korean threat actor group Lazarus using living off the land (LOTL) techniques to target multiple verticals. Weaponization of legitimate tools includes SSH clients PuTTY and KiTTY, as well as TightVNC Viewer, Sumatra PDF reader, and muPDF/Subliminal Recording installer.

NullMixer Drops Multiple Malware Families

Oct 6, 2022 2:55:06 PM / by PolySwarm Tech Team posted in Threat Bulletin, RedLine Stealer, NullMixer, Satacom, Dropper, SmokeLoader, PseudoManuscrypt, ColdStealer, FormatLoader, CsdiMonetize, Disbuk, Fabookie, DanaBot, Racealer, Generic.ClipBanker, SgnitLoader, ShortLoader, Downloader.INNO, LgoogLoader, Downloader.Bitser, C-Joker, PrivateLoader, GCleaner, Vidar

Related Families: SmokeLoader, RedLine Stealer, PseudoManuscrypt, ColdStealer, FormatLoader, CsdiMonetize, Disbuk, Fabookie, DanaBot, Racealer, Generic.ClipBanker, SgnitLoader, ShortLoader, Downloader.INNO, LgoogLoader, Downloader.Bitser, C-Joker, PrivateLoader, Satacom, GCleaner, Vidar

Verticals Targeted: Multiple

Executive Summary

Kaspersky recently reported on NullMixer, a dropper used to drop a myriad of malware families, including SmokeLoader, RedLine Stealer, PseudoManuscrypt, ColdStealer, FormatLoader, CsdiMonetize, Disbuk, Fabookie, DanaBot, Racealer, Generic.ClipBanker, SgnitLoader, ShortLoader, Downloader.INNO, LgoogLoader, Downloader.Bitser, C-Joker, PrivateLoader, Satacom, GCleaner, and Vidar.
SideWalk Linux Variant

Oct 3, 2022 3:59:17 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Backdoor, SparklingGoblin, SideWalk

Related Families: Specter RAT, SideWalk (Windows)

Verticals Targeted: Education

Executive Summary

ESET recently reported on a SideWalk Linux variant. SideWalk is a backdoor used by the SparklingGoblin threat actor group.
