The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Shikitega Linux Malware

Sep 15, 2022 1:51:05 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Shikitega, CVE-2021-4034, CVE-2021-3493




Executive Summary

In our 2021 Year in Review, we predicted a rise in Linux malware for 2022. AT&T Alien Labs recently reported on Shikitega, a new Linux malware with stealth capabilities.


DarkAngels Linux Ransomware

Sep 12, 2022 1:45:13 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, Linux, DarkAngels


Related Families: Babuk

Executive Summary

Uptycs recently reported on a new DarkAngels Linux ransomware variant that appears to still be in development.


Charming Kitten Hyperscrape Tool

Sep 9, 2022 1:13:55 PM / by PolySwarm Tech Team posted in Threat Bulletin, Iran, Hyperscrape, Scraper, Charming Kitten, APT35




Executive Summary

Google’s Threat Analysis Group (TAG) recently reported on Hyperscrape, a new data extraction tool used by the Iran-nexus threat actor group Charming Kitten.


Agenda Ransomware

Sep 6, 2022 3:11:38 PM / by PolySwarm Tech Team posted in Threat Bulletin, Agenda Ransomware, GoLang


Related Families: Black Basta, Black Matter, REvil

Verticals Targeted: healthcare, education

Executive Summary

Trend Micro recently reported on Agenda Ransomware, a tailored ransomware written in GoLang.


Lightning Framework

Sep 1, 2022 12:30:19 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Lightning Framework




Executive Summary

Intezer recently reported on Lightning Framework, a Linux malware with modular plugins and the ability to install rootkits.


GwisinLocker

Aug 29, 2022 2:33:33 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, GwisinLocker, South Korea


Verticals Targeted: pharmaceutical, healthcare, industrial

Executive Summary

AhnLab recently reported on GwisinLocker, a multi-platform ransomware targeting multiple verticals in South Korea.


Bumblebee Loader

Aug 25, 2022 1:48:41 PM / by PolySwarm Tech Team posted in Threat Bulletin, Loader, BazarLoader, BazarBackdoor, Bumblebee, BazaLoader


Related Families: BazarLoader, BazaLoader, Conti, BazarBackdoor, Trickbot, Diavol, Sliver, Bokbot, Meterpreter, Cobalt Strike

Verticals Targeted: Multiple

Executive Summary

Earlier this month, Palo Alto’s Unit 42 reported on recent activity leveraging Bumblebee. Unit 42 observed activity by multiple threat actors, including Projector Libra.


RapperBot Targets IoT

Aug 22, 2022 3:09:40 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, IoT, SSH, Mirai, RapperBot




Executive Summary

FortiGuard Labs recently reported on RapperBot, a malware family with a built-in capability to brute force credentials and gain access to SSH servers.
