The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Woody RAT Targets Russia

Aug 15, 2022 2:18:29 PM / by PolySwarm Tech Team posted in Russia, Threat Bulletin, Woody RAT, RAT

0 Comments



Executive Summary

Malwarebytes recently reported on Woody RAT, a RAT being used to target entities in Russia.

Read More

Manjusaka Framework

Aug 11, 2022 2:51:07 PM / by PolySwarm Tech Team posted in Threat Bulletin, China, Cobalt Strike, Manjusaka, Silver

0 Comments



Executive Summary

Cisco Talos recently reported on a campaign leveraging Manjusaka, a new attack framework being used in the wild that is advertised as an alternative to Cobalt Strike or Sliver.

Read More

Luca Stealer

Aug 8, 2022 3:41:00 PM / by PolySwarm Team posted in Threat Bulletin, Stealer, Windows, Rust, Luca Stealer

0 Comments



Executive Summary

Cyble recently reported on Luca Stealer, a Rust based stealer malware targeting Windows.

Key Takeaways

Read More

Lilith Ransomware

Aug 4, 2022 2:37:11 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, Lilith, Lilithcrypt

0 Comments



Executive Summary

Cyble recently reported on Lilith Ransomware, which appends the .lilith extension to encrypted files.

Read More

Raspberry Robin

Aug 1, 2022 2:21:21 PM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, LNK Worm, Raspberry Robin, QNAP

0 Comments



Executive Summary

Cybereason recently reported on Raspberry Robin, a worm that uses LNK shortcuts to lure victims and leverages compromised QNAP devices as stagers.

Read More

PennyWise Infostealer Targets Crypto and Browsers

Jul 28, 2022 12:21:07 PM / by PolySwarm Tech Team posted in Threat Bulletin, Infostealer, Cryptocurrency, PennyWise, YouTube

0 Comments



Executive Summary

Cyble recently reported on PennyWise, an infostealer targeting crypto and browsers. PennyWise uses YouTube videos to bait victims into installing what they believe to be Bitcoin mining software.

Read More

APT 29 Using Brute Ratel

Jul 25, 2022 1:58:05 PM / by PolySwarm Tech Team posted in Threat Bulletin, Brute Ratel, APT29, CozyDuke, brc4, Cozy Bear, Cozycar, Dark Halo, Dukes, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, YTTRIUM

0 Comments



Executive Summary

Palo Alto’s Unit 42 recently reported on Brute Ratel C4 (BRc4), a legitimate redteaming and adversarial attack simulation tool being abused by APT 29 threat actors.

Read More

Recent Ransomware Threats to Healthcare

Jul 21, 2022 1:27:35 PM / by PolySwarm Tech Team posted in Threat Bulletin, North Korea, Ransomware, Iran, IcedID, Healthcare, Maui, Quantum, Hospital

0 Comments



Executive Summary

Multiple ransomware families have been used to target the healthcare vertical in the past year.  In this report, we cover recently reported attacks on the healthcare vertical leveraging Maui and Quantum ransomware families.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More