The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

BlackByte NT

May 30, 2023 2:25:39 PM / by The Hivemind posted in BlackByte, Ransomware, BlackByte NT

0 Comments

Related Families: BlackByte

Executive Summary

Read More

Geacon - Cobalt Strike for MacOS

May 26, 2023 2:57:15 PM / by The Hivemind posted in Cobalt Strike, MacOS, Pentesting, Geacon

0 Comments

Related Families: Cobalt Strike

Read More

RedStinger Targets Critical Infrastructure

May 22, 2023 3:49:00 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Government, Critical Infrastructure, Transportation, Bad Magic

0 Comments

Related Families: DboxShell, PowerMagic
Verticals Targeted:
Defense, Critical Infrastructure, Transportation 

Executive Summary

RedStinger, a relatively unknown threat actor group, targeted multiple entities in Ukraine, including those in the defense, transportation, and critical infrastructure verticals.

Read More

Winnti Subgroup Earth Longzhi Uses New TTPs

May 19, 2023 2:28:29 PM / by The Hivemind posted in Threat Bulletin, China, Winnti, TTPs, Stack Rumbling, Earth Longzhi

0 Comments

Related Families: Croxloader, SPHijacker, Behinder
Verticals Targeted: Government, Healthcare, Technology, Manufacturing

Read More

Reaper Uses New TTPs to Drop RokRAT

May 15, 2023 2:27:27 PM / by The Hivemind posted in Threat Bulletin, RokRAT, Reaper, Ricochet Chollima, LNK

0 Comments

Related Families: CloudMensis, RambleOn

Executive Summary

Reaper was recently observed using new TTPs to drop RokRAT. The infection chain leveraged LNK files delivered via the energy sector and politic

Read More

BlueNoroff's RustBucket MacOS Malware

May 12, 2023 3:48:04 PM / by The Hivemind posted in Threat Bulletin, Lazarus, North Korea, Financial, MacOS, Mac, RustBucket, BlueNoroff

0 Comments

Verticals Targeted: Financial

Executive Summary

Read More

PingPull Linux Variant

May 8, 2023 3:05:38 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, PingPull, Gallium, RAT, Sword2033

0 Comments

Related Families: Sword2033

Executive Summary

China nexus threat actor group Gallium was recently observed using a new Linux variant of PingPull in an espionage campaign.

Read More

Tomiris Targets Central Asia in Espionage Campaign

May 5, 2023 2:00:47 PM / by The Hivemind posted in Russia, Threat Bulletin, Kopiluwak, TunnusSched, Roopy, Tomiris, Central Asia, Telemiris, JLORAT

0 Comments

Related Families: Telemiris, TunnusSched, Roopy, JLORAT, KopiLuwak
Verticals Targeted: Government, Diplomatic Entities

Executive Summary

A Russian-speaking threat actor group dubbed Tomiris was recently observed conducting an espionage campaign targeting countries in Central Asia. The group uses a variety of tools, some of which overlap with the Russian threat actor group Venomous Bear.

Key Takeaways

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts