The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

MOIS Affiliated Threat Actor Using Liontail Framework

Nov 6, 2023 12:58:47 PM / by The Hivemind posted in Threat Bulletin, APT, Financial, Government, Iran, Telecommunications, framework, Military, MOIS, Liontail, OilRig, Scarred Manticore, IT, NGOs

0 Comments

Verticals Targeted: Government, Defense, Telecommunications, Finance, NGO, IT services  

Executive Summary

Scarred Manticore, a threat actor group associated with Iran’s MOIS, was observed using Liontail framework in an espionage campaign. 

Read More

XWorm

Nov 3, 2023 2:13:28 PM / by The Hivemind posted in Threat Bulletin, RAT, XWorm

0 Comments

Executive Summary

XWorm is a .NET based, modular, multi-purpose malware family most often used as a RAT. CERT Polska analyzed an Xworm sample distributed via malspam containing an .lzh file.

Read More

Stayin Alive Campaign Targets Telecoms and Government Entities in Asia

Oct 27, 2023 1:54:59 PM / by The Hivemind posted in Threat Bulletin, Government, Telecommunications, Asia, CurKeep, StayinAlive, ToddyCat, CurCore, CurLog, CurLu, StylerServ

0 Comments

Related Families: CurKeep, CurCore, CurLog, CurLu, StylerServ
Verticals Targeted: Telecommunications, Government 

Executive Summary

The Stayin Alive campaign, perpetrated by ToddyCat, was observed targeting telecommunications and government entities in Asia.

Read More

Akira Ransomware

Oct 23, 2023 1:37:51 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Akira, Megazord

0 Comments

Related Families: Megazord
Verticals Targeted: Manufacturing, Business Services, Construction, Education, Finance, Legal Services, Retail, Architecture, Engineering and Design, and Investment Banking

Executive Summary

Akira ransomware, active since April 2023, was recently observed targeting Windows and Linux systems.

Read More

Qakbot Threat Actors Distributing Ransom Knight And Remcos

Oct 20, 2023 4:30:11 PM / by PolySwarm Tech Team posted in Threat Bulletin, Qbot, RAT, Remcos RAT, Ransom Knight, Qakbot

0 Comments

Executive Summary

Threat actors affiliated with Qakbot were observed distributing Ransom Knight ransomware and Remcos RAT.

Read More

Mirai IZ1H9

Oct 16, 2023 2:17:16 PM / by The Hivemind posted in Threat Bulletin, Linux, IoT, Mirai, Botnet, IZ1H9

0 Comments

Executive Summary

Mirai IZ1H9, a newer variant of Mirai, is being used to infect Linux devices for use in a DDoS campaign.

Read More

AresLoader

Oct 13, 2023 2:27:36 PM / by The Hivemind posted in Russia, Threat Bulletin, Loader, Cybercrime, AresLoader, MaaS

0 Comments

Executive Summary

AresLoader is a loader malware-as-a-service (MaaS) active in the wild since at least November 2022. AresLoader is designed to masquerade as legitimate software, while covertly downloading malicious payloads.

Read More

BunnyLoader

Oct 9, 2023 12:00:10 PM / by The Hivemind posted in Threat Bulletin, Loader, BunnyLoader, Malware-As-A-Service, Cybercrime

0 Comments

Executive Summary

BunnyLoader is a recently discovered malware-as-a-service (MaaS) threat being sold on multiple forums. It was released in September 2023 and appears to be under active development, with feature updates and bug fixes available.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More