Executive Summary
Cyble recently reported on the resurgence of Cerber2021 ransomware, which targets both Windows and Linux systems.
Key Takeaways
Recent Posts
Cerber2021 Targets Windows and Linux
Jun 30, 2022 1:18:47 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, Cerber, CerberImposter, CVE-2022-26134, Cerber2021
PingPull Targets Telecom, Government, and Financial Verticals
Jun 27, 2022 3:56:10 PM / by PolySwarm Tech Team posted in Threat Bulletin, Financial, Government, Telecommunications, PingPull, Gallium
Executive Summary
Palo Alto’s Unit42 recently reported on PingPull, a RAT used by the Gallium threat actor group to target entities in the telecommunications, government, and financial verticals.
Lyceum .NET DNS Backdoor “DnsSystem”
Jun 24, 2022 2:22:18 PM / by PolySwarm Tech Team posted in Threat Bulletin, Lyceum, Hexane, Siamese Kitten, DnsSystem, .NET DNS Backdoor
Executive Summary
Zscaler recently reported on a new .NET DNS backdoor “DnsSystem” used by the threat actor group known as Lyceum. It is primarily used to target entities in the Middle East.
Symbiote Linux Malware
Jun 20, 2022 12:01:49 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Symbiote
Executive Summary
Intezer and BlackBerry recently reported on Symbiote, a difficult to detect Linux malware that relies on existing running processes to infect a system.
Pymafka Targets macOS, Windows, Linux
Jun 17, 2022 2:17:39 PM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, Linux, Python, Pymafka, Cobalt Strike
Executive Summary
Sonatype recently reported on Pymakfa, a malicious Python package in the PyPl registry dropping Cobalt Strike on macOS, Windows, and Linux.
Enemybot IoT Malware
Jun 13, 2022 3:47:53 PM / by PolySwarm Tech Team posted in Threat Bulletin, Android, Linux, Enemybot, CMS
Executive Summary
AT&T Alien Labs recently reported on Enemybot, an internet of things (IoT) malware targeting content management systems (CMS), Linux, and Android.
Key Takeaways
Follina MSDT Vulnerability (CVE-2022-30190)
Jun 6, 2022 1:54:53 PM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, Follina, CVE-2022-30190, MS Office, MSDT
Background
Microsoft recently published an advisory on a newly identified zero-day vulnerability that affects Microsoft Support Diagnostic Tool (MSDT). CVE-2022-30190, which is being exploited in the wild, has been dubbed Follina by industry researcher Kevin Beaumont.
PolySwarms New Hunt Functionality
Jun 2, 2022 2:09:53 PM / by PolySwarm Tech Team posted in PolySwarm, Threat Hunting, New Features, Product Update
Many of you have given us feedback on our live and historical hunt functionality and we are thrilled to let you know that we are going live with your suggestions.