“We are excited to promote Cyberstanc as the next Arbiter in the PolySwarm Marketplace. The Cyberstanc Engine has proven itself in the PolySwarm Marketplace to be reliable and accurate for the past 2.5 years. Their unique malware detection and threat intelligence insights will continue to support PolySwarm’s crowdsourced ecosystem of innovative anti-malware engines in their fight against malware.” - Steve Bassi, CEO of PolySwarm.
Related Families: LockBit, LockBit 3.0
Verticals Targeted: Multiple
Executive Summary
CYFIRMA recently reported on Exfiltrator-22, also known as EX-22, a new post-exploitation framework capable of spreading ransomware while evading detection.
Key Takeaways
- Exfiltrator-22, also known as EX-22, is a new post-exploitation framework capable of spreading ransomware while evading detection.
- Exfiltrator-22, which is a framework-as-a-service, is designed to primarily target corporate networks.
- Analysts at CYFIRMA have linked Exfiltrator-22 to former LockBit 3.0 affiliates.
Verticals Targeted: media, entertainment
Executive Summary
Sentinel Labs recently reported on a new Linux variant of IceFire ransomware. The threat actors responsible for IceFire exploit CVE-2022-47986 to deploy the ransomware.
Verticals Targeted: Gambling
Executive Summary
Trend Micro recently reported on a new Linux variant of Emissary Panda’s SysUpdate. SysUpdate is one of Emissary Panda’s custom tools.
Executive Summary
BlackLotus is the first known bootkit to bypass UEFI Secure Boot on fully updated Windows 11 systems. It leverages CVE-2022-21894 to bypass UEFI Secure Boot.
Verticals Targeted: Cryptocurrency, DeFi, Finance
Executive Summary
Uptycs recently reported on activity in which threat actors used Parallax RAT to target entities in the cryptocurrency sector.
Verticals Targeted: IT, Financial, Materials, Healthcare, Food Production
Executive Summary
Trend Micro recently reported on a new Linux variant of Royal ransomware that targets Linux systems and ESXi servers. Royal ransomware is yet another contender among the many ransomware families now targeting Linux systems.
Verticals Targeted: Education, Various
Executive Summary
SentinelLabs recently reported on a newly discovered Linux variant of Cl0p ransomware. The Linux variant is similar to the Windows variant but uses a flawed encryption logic.