The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Cl0p Linux Variant

Feb 28, 2023 12:53:32 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Cl0p

0 Comments

Verticals Targeted: Education, Various

Executive Summary

SentinelLabs recently reported on a newly discovered Linux variant of Cl0p ransomware. The Linux variant is similar to the Windows variant but uses a flawed encryption logic.

Read More

MortalKombat Ransomware Used in Recent Campaign

Feb 24, 2023 1:57:55 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Cryptocurrency, Laplas Clipper, MortalKombat, Xorist

0 Comments

Related Families: Xorist, Laplas Clipper

Executive Summary

Cisco Talos recently reported on threat actor activity leveraging MortalKombat ransomware and Laplas Clipper. MortalKombat encrypts files on the infected machine and drops a ransom note instructing victims on how to pay the ransom to recover their files.

Key Takeaways

Read More

ESXiArgs Ransomware

Feb 21, 2023 1:20:39 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, ESXiArgs, Babuk, CVE-2021-21974

0 Comments

Related Malware: Babuk
Verticals Targeted: Multiple

Executive Summary

Industry researchers recently reported on ESXiArgs ransomware, which targeted VMware ESXi servers around the globe. After CISA released a recovery script, the threat actors behind ESXiArgs distributed a new variant of the ransomware.

Key Takeaways

Read More

Pro-Palestine Group Targets Israeli Chemical Sector

Feb 17, 2023 2:24:12 PM / by The Hivemind posted in Threat Bulletin, Gaza, ICS, Palestine, Chemical, Israel, Electronic, Electronic Quds Force

0 Comments

Verticals Targeted: Chemical

Executive Summary

A recent hacking campaign targeted Israeli chemical sector companies operating in the occupied territories. The threat actor group Electronic Quds Force is responsible for the campaign. This threat bulletin is provided for situational awareness.

Key Takeaways

Read More

Emotet’s New TTPs

Feb 13, 2023 12:26:57 PM / by The Hivemind posted in Threat Bulletin, IcedID, Bumblebee, Emotet, xls

0 Comments

Related Families: Bumblebee, IcedId
Verticals Targeted: Financial

Executive Summary

BlackBerry recently reported on Emotet’s new TTPs, including new email lures, IcedID, and Bumblebee as secondary payloads and evasion methods.

Read More

Mimic Ransomware

Feb 7, 2023 12:25:08 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Mimic, Everything.exe, Conti

0 Comments

Related Families: Conti

Executive Summary

Trend Micro recently reported on Mimic ransomware, a ransomware family that abuses Everything APIs.

Key Takeaways

Read More

Roaming Mantis Wroba.o Android Malware

Feb 3, 2023 1:20:46 PM / by The Hivemind posted in Threat Bulletin, Android, Shaoye, Xloader, Roaming Mantis, DNS, Wroba.o

0 Comments

Related Families: Wroba.o, Xloader

Executive Summary

Kaspersky SecureList recently reported on a Roaming Mantis campaign using Wroba.o with DNS hijacking to infect routers and Android devices.


Key Takeaways

Read More

Hook Android Banking Trojan

Jan 31, 2023 12:25:40 PM / by The Hivemind posted in Threat Bulletin, Banking, Android, RAT, Trojan, Hook, Ermac, DukeEugene

0 Comments

Related Families: Ermac
Verticals Targeted:
Financial

Executive Summary

Threat Fabric recently reported on Hook, an Android banking trojan that is a fork of Ermac.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts