The PolySwarm Blog

Related Families: Mirai
Verticals Targeted: Education, Government, Telecommunications, Financial, Gaming

Executive Summary

Gorilla Botnet, also known as GorillaBot, is a Mirai-based botnet family that recently gained momentum and notoriety.

Related Families: LockBit 3.0
Verticals Targeted: Media, Insurance, Legal Services, Healthcare, Retail, Software, Construction, Manufacturing, Real Estate, Education, Government 

Executive Summary

BrainCipher ransomware, which was first observed in June 2024, is an emerging threat. BrainCipher is based on the leaked LockBit 3.0 builder and is functionally similar to LockBit 3.0.  

Related Families: Venus, 2023Lock
Verticals Targeted: Healthcare, Manufacturing, Business Services 

Executive Summary

Perfectl is a malware family that targets misconfigured Linux servers. In a recent campaign, Perfectl was observed deploying cryptominers and proxyjacking software.

Related Families: Preft

Related Families: Exobot, ExobotCompact, Octo
Verticals Targeted: Financial

Executive Summary

Octo2, an updated version of Octo Android banking trojan, was recently observed targeting Android users in Europe.

Related Families: LockBit 3.0, Conti
Verticals Targeted: Business Services, Construction, Retail, Telecommunications, Manufacturing, Mining, Government, Healthcare, Transportation, Energy, Software, Education 

Executive Summary

DragonForce is a ransomware as a service (RaaS) that has significantly evolved in the past year, making it a formidable threat.

Related Families: PondRAT, PoolRAT
Verticals Targeted: Software Development 

Executive Summary

North Korea nexus threat actor group Labyrinth Chollima was observed using poisoned Python packages to deliver PondRAT, a backdoor that targets MacOS and Linux systems.