The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Anatsa Android Banking Trojan

Jul 3, 2023 12:37:11 PM / by The Hivemind posted in Threat Bulletin, Banking, Financial, Android, Trojan, Banking Trojan, Anatsa

0 Comments

Verticals Targeted: Financial 

Executive Summary

Anatsa is a banking trojan targeting Android devices that is distributed through the Google Play store, disguised as a seemingly innocuous app.

Read More

Condi DDoS Botnet

Jun 30, 2023 3:05:33 PM / by The Hivemind posted in Threat Bulletin, DDoS, Mirai, Botnet, CVE-2023-1389, Condi

0 Comments

Related Families: Mirai

Executive Summary

Condi is a DDoS as a service botnet based on Mirai. It has been observed leveraging CVE-2023-1389 to propagate.

Read More

DcRAT Distributed Via Adult Content Themed Lures

Jun 26, 2023 1:57:42 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Infostealer, RAT, DcRAT, AsyncRAT

0 Comments

Related Families: AsyncRAT
Verticals Targeted: Consumer Services

Executive Summary

DcRAT is a clone of AsyncRAT and is used for remote access and stealing information. It also has ransomware capabilities. DcRAT has distributed via adult content-themed lures, including lures for OnlyFans pages.

Read More

Cadet Blizzard

Jun 23, 2023 2:09:27 PM / by The Hivemind posted in Russia, Threat Bulletin, Espionage, WhisperGate, Cadet Blizzard, Disruption

0 Comments

Related Families: WhisperGate
Verticals Targeted: Government, Law Enforcement, Non-profits, Information Technology, Emergency Services

Executive Summary

Cadet Blizzard is a Russia nexus state-sponsored threat actor group with potential ties to the GRU. However, their activity seems to be distinct from other GRU-associated threat actor groups. 

Read More

Asylum Ambuscade

Jun 20, 2023 1:49:52 PM / by The Hivemind posted in Financial, Government, Cryptocurrency, Asylum Ambuscade, SMB, SunSeed, AHKBOT, NODEBOT

0 Comments

Related Families: SunSeed, AHKBOT, NODEBOT
Verticals Targeted: Government, Cryptocurrency, Financial

Executive Summary

Asylum Ambuscade is a threat actor group known to engage in both cybercrime and espionage activity. Their targets include government, financial, and SMB entities, primarily in Europe and North America. 

Read More

Cl0p Reportedly Using MOVEit 0day (CVE-2023-34362)

Jun 16, 2023 2:33:59 PM / by The Hivemind posted in Microsoft, Cl0p, LemurLoot, CVE-2023-34362, MOVEit

0 Comments

Associated Families: LemurLoot
Verticals Targeted: Financial, Government

Executive Summary

Industry researchers from multiple vendors observed threat actors leveraging CVE-2023-34362. Microsoft attributed the activity to a Cl0p affiliate dubbed Lace Tempest.

Read More

BlackSuit Ransomware

Jun 12, 2023 2:55:54 PM / by The Hivemind posted in Ransomware, Windows, Linux, Royal, BlackSuit, encryption

0 Comments

Related Families: Royal

Executive Summary

BlackSuit ransomware targets both Windows and Linux systems and bears a striking resemblance to Royal ransomware.

Read More

CosmicEnergy

Jun 9, 2023 2:23:26 PM / by The Hivemind posted in Critical Infrastructure, ICS, Energy, CosmicEnergy, OT

0 Comments

Verticals Targeted: Energy, Critical Infrastructure

Executive Summary

CosmicEnergy is a novel malware targeting operational technology (OT) and ICS.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More