Executive Summary
Malwarebytes recently reported on Woody RAT, a RAT being used to target entities in Russia.
Woody RAT Targets Russia
Aug 15, 2022 2:18:29 PM / by PolySwarm Tech Team posted in Russia, Threat Bulletin, Woody RAT, RAT
Manjusaka Framework
Aug 11, 2022 2:51:07 PM / by PolySwarm Tech Team posted in Threat Bulletin, China, Cobalt Strike, Manjusaka, Silver
Executive Summary
Cisco Talos recently reported on a campaign leveraging Manjusaka, a new attack framework being used in the wild that is advertised as an alternative to Cobalt Strike or Sliver.
Luca Stealer
Aug 8, 2022 3:41:00 PM / by PolySwarm Team posted in Threat Bulletin, Stealer, Windows, Rust, Luca Stealer
Executive Summary
Cyble recently reported on Luca Stealer, a Rust based stealer malware targeting Windows.
Key Takeaways
Lilith Ransomware
Aug 4, 2022 2:37:11 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, Lilith, Lilithcrypt
Executive Summary
Cyble recently reported on Lilith Ransomware, which appends the .lilith extension to encrypted files.
Raspberry Robin
Aug 1, 2022 2:21:21 PM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, LNK Worm, Raspberry Robin, QNAP
Executive Summary
Cybereason recently reported on Raspberry Robin, a worm that uses LNK shortcuts to lure victims and leverages compromised QNAP devices as stagers.
PennyWise Infostealer Targets Crypto and Browsers
Jul 28, 2022 12:21:07 PM / by PolySwarm Tech Team posted in Threat Bulletin, Infostealer, Cryptocurrency, PennyWise, YouTube
Executive Summary
Cyble recently reported on PennyWise, an infostealer targeting crypto and browsers. PennyWise uses YouTube videos to bait victims into installing what they believe to be Bitcoin mining software.
APT 29 Using Brute Ratel
Jul 25, 2022 1:58:05 PM / by PolySwarm Tech Team posted in Threat Bulletin, Brute Ratel, APT29, CozyDuke, brc4, Cozy Bear, Cozycar, Dark Halo, Dukes, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, YTTRIUM
Executive Summary
Palo Alto’s Unit 42 recently reported on Brute Ratel C4 (BRc4), a legitimate redteaming and adversarial attack simulation tool being abused by APT 29 threat actors.
Recent Ransomware Threats to Healthcare
Jul 21, 2022 1:27:35 PM / by PolySwarm Tech Team posted in Threat Bulletin, North Korea, Ransomware, Iran, IcedID, Healthcare, Maui, Quantum, Hospital
Executive Summary
Multiple ransomware families have been used to target the healthcare vertical in the past year. In this report, we cover recently reported attacks on the healthcare vertical leveraging Maui and Quantum ransomware families.