Executive Summary
Google’s Threat Analysis Group (TAG) recently reported on Hyperscrape, a new data extraction tool used by the Iranian nexus threat actor group Charming Kitten.
Key Takeaways
Charming Kitten Hyperscrape Tool
Sep 9, 2022 1:13:55 PM / by PolySwarm Tech Team posted in Threat Bulletin, Iran, Hyperscrape, Scraper, Charming Kitten, APT35
Agenda Ransomware
Sep 6, 2022 3:11:38 PM / by PolySwarm Tech Team posted in Threat Bulletin, Agenda Ransomware, GoLang
Related Families: Black Basta, Black Matter, REvil
Verticals Targeted: healthcare, education
Executive Summary
Trend Micro recently reported on Agenda Ransomware, a tailored ransomware written in GoLang.
Lightning Framework
Sep 1, 2022 12:30:19 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Lightning Framework
Executive Summary
Intezer recently reported on Lightning Framework, a Linux malware with modular plugins and the ability to install rootkits.
Key Takeaways
GwisinLocker
Aug 29, 2022 2:33:33 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, GwisinLocker, South Korea
Verticals Targeted: pharmaceutical, healthcare, industrial
Executive Summary
Ahnlab recently reported on GwisinLocker, a multi-platform ransomware targeting multiple verticals in South Korea.
Bumblebee Loader
Aug 25, 2022 1:48:41 PM / by PolySwarm Tech Team posted in Threat Bulletin, Loader, BazarLoader, BazarBackdoor, Bumblebee, BazaLoader
Related Families: BazarLoader, BazaLoader, Conti, BazarBackdoor, Trickbot, Diavol, Sliver, Bokbot, Meterpreter, Cobalt Strike
Verticals Targeted: Multiple
Executive Summary
Earlier this month, Palo Alto’s Unit 42 reported on recent activity leveraging Bumblebee. Unit 42 observed activity by multiple threat actors, including Projector Libra.
RapperBot Targets IoT
Aug 22, 2022 3:09:40 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, IoT, SSH, Mirai, RapperBot
Executive Summary
FortiGuard Labs recently reported on RapperBot, a malware family with a built-in capability to brute force credentials and gain access to SSH servers.
Mars Stealer Malware Targeting Crypto
Aug 18, 2022 12:04:52 PM / by PolySwarm Tech Team posted in Threat Bulletin, Stealer, Cryptocurrency, Atomic Wallet, Mars stealer
Executive Summary
A malware researcher on Twitter, @ViriBack, recently discovered a fake Atomic Wallet site distributing Mars Stealer.
Key Takeaways
Woody RAT Targets Russia
Aug 15, 2022 2:18:29 PM / by PolySwarm Tech Team posted in Russia, Threat Bulletin, Woody RAT, RAT
Executive Summary
Malwarebytes recently reported on Woody RAT, a RAT being used to target entities in Russia.