The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Pymafka Targets macOS, Windows, Linux

Jun 17, 2022 11:17:39 AM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, Linux, Python, Pymafka, Cobalt Strike

0 Comments



Executive Summary

Sonatype recently reported on Pymakfa, a malicious Python package in the PyPl registry dropping Cobalt Strike on macOS, Windows, and Linux.

Read More

Enemybot IoT Malware

Jun 13, 2022 12:47:53 PM / by PolySwarm Tech Team posted in Threat Bulletin, Android, Linux, Enemybot, CMS

0 Comments



Executive Summary

AT&T Alien Labs recently reported on Enemybot, an internet of things (IoT) malware targeting content management systems (CMS), Linux, and Android.

Key Takeaways

Read More

Follina MSDT Vulnerability (CVE-2022-30190)

Jun 6, 2022 10:54:53 AM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, Follina, CVE-2022-30190, MS Office, MSDT

0 Comments



Background

Microsoft recently published an advisory on a newly identified zero-day vulnerability that affects Microsoft Support Diagnostic Tool (MSDT). CVE-2022-30190, which is being exploited in the wild, has been dubbed Follina by industry researcher Kevin Beaumont.

Read More

PolySwarms New Hunt Functionality

Jun 2, 2022 11:09:53 AM / by PolySwarm Tech Team posted in PolySwarm, Threat Hunting, New Features, Product Update

0 Comments



Many of you have given us feedback on our live and historical hunt functionality and we are thrilled to let you know that we are going live with your suggestions.

Read More

New ArguePatch Variant Spotted

May 31, 2022 12:03:49 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, CaddyWiper, Industroyer2, Sandworm, Voodoobear, ArguePatch

0 Comments



Background

ESET recently tweeted about a new version of ArguePatch, a malware loader used by VooDoo Bear (Sandworm) in multiple attacks against Ukrainian assets. ESET also gave an overview of the new version of ArguePatch on their WeLiveSecurity blog.

Read More

Cryware Targets Crypto Wallets

May 27, 2022 9:34:55 AM / by PolySwarm Tech Team posted in Cryptocurrency, Cryware, Keylogging, Memory Dumping, Clipping & Switching, Crypto Wallet

0 Comments



Background

Microsoft recently reported on “cryware”, information stealers that target non-custodial cryptocurrency wallets, or hot wallets.

Read More

Space Pirates Target Russian Aerospace

May 25, 2022 11:37:46 AM / by PolySwarm Tech Team posted in Russia, China, Aerospace, Downloader.Climax.B, Plug X, Space Pirates, MyKLoadClient, Zupdax, Downloader.Climax.A, RTLShare, BH_A006, Deed RAT

0 Comments



Background

Positive Technologies recently reported on an espionage campaign in which a previously unknown threat actor group targeted the Russian aerospace industry. Researchers at Positive Technologies dubbed the group Space Pirates.

Read More

BPFDoor Targets Linux Systems

May 20, 2022 11:44:39 AM / by PolySwarm Tech Team posted in Threat Bulletin, China, Linux, Red Menshen, BPFDoor, Telecommunications

0 Comments



Background

PwC Threat Intelligence recently reported on BPFDoor, a passive network implant for Linux targeting telecommunications providers. The activity was attributed to the Chinese nexus threat actor group Red Menshen.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts