The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

SecuriDropper Android Malware

Nov 17, 2023 1:27:39 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Ermac, SpyNote, SecuriDropper, Dropper-as-a-service

0 Comments

Related Families: SpyNote, Ermac

Executive Summary

SecuriDropper is a widely distributed dropper-as-a-service that bypasses Android Restricted Settings.

Read More

New MOVEit Activity

Nov 13, 2023 1:31:46 PM / by The Hivemind posted in Threat Bulletin, Government, Defense, CVE-2023-34362, MOVEit, Technology

0 Comments

Verticals Targeted: Defense, Government, Technology 

Executive Summary

The MOVEit vulnerability tracked as CVE-2023-34362, was first observed in May 2023. It has since been observed targeting additional entities, including those in the technology, government, and defense verticals.

Read More

BiBi-Linux Wiper

Nov 10, 2023 12:18:01 PM / by The Hivemind posted in Threat Bulletin, Middle East, Wiper, Hacktivism, Palestine, Israel, Hamas, BiBi-Linux

0 Comments

Executive Summary

A wiper known as BiBi-Linux was recently observed targeting entities in Israel. A pro-Hamas hacktivist group was behind the attacks.

Read More

MOIS Affiliated Threat Actor Using Liontail Framework

Nov 6, 2023 12:58:47 PM / by The Hivemind posted in Threat Bulletin, APT, Financial, Government, Iran, Telecommunications, framework, Military, MOIS, Liontail, OilRig, Scarred Manticore, IT, NGOs

0 Comments

Verticals Targeted: Government, Defense, Telecommunications, Finance, NGO, IT services  

Executive Summary

Scarred Manticore, a threat actor group associated with Iran’s MOIS, was observed using Liontail framework in an espionage campaign. 

Read More

XWorm

Nov 3, 2023 2:13:28 PM / by The Hivemind posted in Threat Bulletin, RAT, XWorm

0 Comments

Executive Summary

XWorm is a .NET based, modular, multi-purpose malware family most often used as a RAT. CERT Polska analyzed an Xworm sample distributed via malspam containing an .lzh file.

Read More

Stayin Alive Campaign Targets Telecoms and Government Entities in Asia

Oct 27, 2023 1:54:59 PM / by The Hivemind posted in Threat Bulletin, Government, Telecommunications, Asia, CurKeep, StayinAlive, ToddyCat, CurCore, CurLog, CurLu, StylerServ

0 Comments

Related Families: CurKeep, CurCore, CurLog, CurLu, StylerServ
Verticals Targeted: Telecommunications, Government 

Executive Summary

The Stayin Alive campaign, perpetrated by ToddyCat, was observed targeting telecommunications and government entities in Asia.

Read More

Akira Ransomware

Oct 23, 2023 1:37:51 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Akira, Megazord

0 Comments

Related Families: Megazord
Verticals Targeted: Manufacturing, Business Services, Construction, Education, Finance, Legal Services, Retail, Architecture, Engineering and Design, and Investment Banking

Executive Summary

Akira ransomware, active since April 2023, was recently observed targeting Windows and Linux systems.

Read More

Qakbot Threat Actors Distributing Ransom Knight And Remcos

Oct 20, 2023 4:30:11 PM / by PolySwarm Tech Team posted in Threat Bulletin, Qbot, RAT, Remcos RAT, Ransom Knight, Qakbot

0 Comments

Executive Summary

Threat actors affiliated with Qakbot were observed distributing Ransom Knight ransomware and Remcos RAT.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More