The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Charming Kitten Using Sponsor Backdoor

Sep 18, 2023 2:00:54 PM / by The Hivemind posted in Threat Bulletin, Middle East, Iran, Charming Kitten, Sponsor

Verticals Targeted: Automotive, Communications, Engineering, Financial Services, Healthcare, Insurance, Legal, Manufacturing, Retail, Technology, Telecommunications

Executive Summary

Charming Kitten, an Iran-nexus threat actor group, was recently observed using the Sponsor backdoor to target at least 34 entities in Brazil, Israel, and the UAE.

Mallox Ransomware

Sep 15, 2023 2:00:19 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Mallox, Remcos RAT

Related Families: Remcos RAT, Metasploit
Verticals Targeted: Manufacturing, Retail, Wholesale, Legal, Professional Services

Executive Summary

Mallox, also known as TargetCompany, FARGO, and Tohnichi, is a ransomware family targeting Windows systems, particularly unsecured MS-SQL servers, to compromise victim networks.

BadBazaar Spyware Variants Delivered Via Trojanized Android Apps

Sep 11, 2023 3:07:00 PM / by The Hivemind posted in Threat Bulletin, Espionage, Android, Mobile, BadBazaar, GREF

Executive Summary

Two GREF espionage campaigns used trojanized Android apps to deliver BadBazaar spyware variants.

Carderbee Targets Hong Kong in Supply Chain Attack

Sep 8, 2023 2:29:33 PM / by The Hivemind posted in Threat Bulletin, Carderbee, Korplug, PlugX

Related Families: Korplug, PlugX

Executive Summary

In a recent campaign, Carderbee targeted entities in Hong Kong and other regions of Asia via a supply chain attack leveraging the legitimate Cobra DocGuard software.

UNC4841 Targeting Government Entities with Barracuda ESG 0day

Sep 4, 2023 1:24:05 PM / by The Hivemind posted in Threat Bulletin, Government, Defense, Telecommunications, Aerospace, CVE-2023-2868, Military, Technology, DEPTHCHARGE, UNC4841, SKIPJACK, FOXTROT, FOXGLOVE

Related Families: SKIPJACK, DEPTHCHARGE, FOXTROT, FOXGLOVE
Verticals Targeted: Government, Military, Defense, Aerospace, Technology, Telecommunications

Executive Summary

UNC4841 was observed using CVE-2023-2868 to target entities in multiple verticals, including government and military.

New XLoader Variant Disguised as Signed App

Sep 1, 2023 1:24:48 PM / by The Hivemind posted in Threat Bulletin, Xloader, MacOS

Executive Summary

A new XLoader variant has been observed in the wild, targeting MacOS systems and disguising itself as a signed OfficeNote app.

Go-Based Proxy Targets Windows and Mac Systems

Aug 28, 2023 2:57:30 PM / by The Hivemind posted in Threat Bulletin, Windows, Mac, Proxy, Go

Executive Summary

A recent malware campaign delivered a proxy server application to both Windows and Mac systems, turning them into proxy exit nodes.

Cuba Ransomware Used Veeam Vulnerability (CVE-2023-27532)

Aug 25, 2023 1:54:17 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Information Technology, Cuba

Verticals Targeted: Critical Infrastructure, Information Technology

Executive Summary

Cuba ransomware was observed using the Veeam vulnerability (CVE-2023-27532) in June to target critical infrastructure and IT entities in the US and Latin America.
