The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Velvet Chollima Using Gomir Linux Backdoor

May 24, 2024 11:58:05 AM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Linux, Kimsuky, GoBear, Velvet Chollima, Gomir, Troll Stealer

0 Comments

Related Families: GoBear, Troll Stealer, BetaSeed, Endor
Verticals Targeted: Government 

Executive Summary

North Korea nexus threat actor group Velvet Chollima was observed using a new Linux backdoor, dubbed Gomir, to target entities in South Korea.

Read More

Ebury Compromised 400K Linux Servers

May 20, 2024 2:59:44 PM / by The Hivemind posted in Threat Bulletin, Stealer, Linux, Backdoor, Cryptocurrency, Ebury, HelimodSteal, HelimodProxy, HelimodRedirect

0 Comments

Related Families: HelimodSteal, HelimodProxy, HelimodRedirect

Executive Summary

A longstanding botnet campaign is known to deliver Ebury, an OpenSSH backdoor and credential stealer.

Read More

Black Basta Targeting Critical Infrastructure

May 17, 2024 2:19:41 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, Ransomware, Black Basta, Healthcare, Emerging Threat

0 Comments

Related Families: Qakbot
Verticals Targeted: Critical Infrastructure, Healthcare

Executive Summary

CISA recently issued an advisory warning critical infrastructure entities to harden their defenses against attacks from Black Basta.

Read More

Cuckoo: Part Infostealer, Part Spyware

May 13, 2024 2:20:01 PM / by The Hivemind posted in Threat Bulletin, Infostealer, Spyware, MacOS, Cuckoo

0 Comments

Executive Summary

Cuckoo is a recently discovered infostealer and spyware hybrid targeting MacOS systems.

Read More

Cuttlefish Targeting SOHO Routers

May 10, 2024 2:07:32 PM / by The Hivemind posted in Threat Bulletin, China, Cuttlefish, HiatusRat, SOHO routers

0 Comments

Related Families: HiatusRat
Targeted Verticals: Telecommunications, Various

Executive Summary

Cuttlefish is a recently discovered modular malware platform observed targeting networking equipment, including enterprise grade SOHO routers.

Read More

Brokewell Android Banking Trojan

May 6, 2024 2:48:46 PM / by The Hivemind posted in Threat Bulletin, Financial, Android, Trojan, Banker, Banking Trojan, Baron Samedit, Brokewell

0 Comments

Verticals Targeted: Financial

Executive Summary

Brokewell is a newly discovered Android banking trojan with Device Takeover capabilities. Despite being a newcomer to the threat landscape, Brokewell poses a significant threat to the banking industry.

Read More

CoralRaider's Stealer Spree

May 3, 2024 1:53:10 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, LummaC2, Rhadamanthys, CryptBot, CoralRaider

0 Comments

Related Families: CryptBot, LummaC2, Rhadamanthys
Verticals Targeted: Technology, Defense

Executive Summary

The threat actor group CoralRaider was recently observed on a stealer spree distributing three infostealers, CryptBot, LummaC2, and Rhadamanthys.  

Read More

VooDoo Bear's Kapeka Backdoor Targets Critical Infrastructure

Apr 26, 2024 2:28:37 PM / by The Hivemind posted in Threat Bulletin, Critical Infrastructure, ICS, Energy, VooDoo Bear, Kapeka

0 Comments

Related Families: GreyEnergy, Prestige
Verticals Targeted: Critical Infrastructure

Executive Summary

Kapeka, also known as KnuckleTouch, is a novel backdoor used by VooDoo Bear to target entities in Eastern Europe.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More