Executive Summary
Cyble recently reported on PennyWise, an infostealer targeting crypto and browsers. PennyWise uses YouTube videos to bait victims into installing what they believe to be Bitcoin mining software.
Recent Posts
PennyWise Infostealer Targets Crypto and Browsers
Jul 28, 2022 12:21:07 PM / by PolySwarm Tech Team posted in Threat Bulletin, Infostealer, Cryptocurrency, PennyWise, YouTube
APT 29 Using Brute Ratel
Jul 25, 2022 1:58:05 PM / by PolySwarm Tech Team posted in Threat Bulletin, Brute Ratel, APT29, CozyDuke, brc4, Cozy Bear, Cozycar, Dark Halo, Dukes, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, YTTRIUM
Executive Summary
Palo Alto’s Unit 42 recently reported on Brute Ratel C4 (BRc4), a legitimate redteaming and adversarial attack simulation tool being abused by APT 29 threat actors.
Recent Ransomware Threats to Healthcare
Jul 21, 2022 1:27:35 PM / by PolySwarm Tech Team posted in Threat Bulletin, North Korea, Ransomware, Iran, IcedID, Healthcare, Maui, Quantum, Hospital
Executive Summary
Multiple ransomware families have been used to target the healthcare vertical in the past year. In this report, we cover recently reported attacks on the healthcare vertical leveraging Maui and Quantum ransomware families.
HavanaCrypt Distributed Via Fake Google Software Update
Jul 18, 2022 12:04:52 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, HavanaCrypt
Executive Summary
Trend Micro recently reported on HavanaCrypt ransomware, which is being distributed disguised as a fake Google software update.
Lockbit 3.0
Jul 14, 2022 1:29:24 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, LockBit, Lockbit 3.0, LockbitBlack
Executive Summary
Cluster25 recently reported on Lockbit 3.0, the latest version of Lockbit ransomware. Version 3.0 includes new features and a ransomware bug bounty program.
New Hive Ransomware Rust Variant
Jul 11, 2022 1:37:20 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, Hive, Rust
Executive Summary
Microsoft recently reported on a new variant of Hive ransomware written in Rust. This is a departure from previous versions, which were written in GoLang.
Key Takeaways
SessionManager Targets Governments and NGOs
Jul 8, 2022 2:33:33 PM / by PolySwarm Tech Team posted in Threat Bulletin, Government, Backdoor, SessionManager, NGO, IIS
Executive Summary
Kaspersky recently reported on SessionManager, a difficult to detect backdoor targeting governments and NGOs in multiple countries.
Black Basta Ransomware
Jul 5, 2022 3:33:54 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, Windows, Linux, Black Basta, Qbot
Executive Summary
Cybereason recently reported on Black Basta ransomware, which has claimed around 50 victims so far, making it a prominent threat.