The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Rorschach Ransomware

Apr 14, 2023 2:25:33 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Rorschach

0 Comments



Executive Summary

Rorschach is a newly discovered ransomware family with the fastest encryption to date. While the developers seemed to borrow TTPs from other ransomware strains, Rorschach is unique and points to a sophisticated threat actor.

Read More

Bitter APT Campaign Targets Energy Sector

Apr 10, 2023 1:22:19 PM / by The Hivemind posted in Threat Bulletin, China, Energy, South Asia, Bitter APT, Nuclear

0 Comments

Verticals Targeted: Energy

Executive Summary

A recent Bitter APT campaign targeted nuclear energy entities in China. The threat actors used multiple techniques to obtain access to the victim machine, maintain persistence, and download and execute next-stage payloads.

Read More

MacStealer Targeting MacOS Devices

Apr 6, 2023 4:06:25 PM / by The Hivemind posted in Threat Bulletin, Stealer, MacOS, Mac, MacStealer

0 Comments



Executive Summary

Read More

Nexus Android Banking Trojan

Apr 4, 2023 3:28:28 PM / by The Hivemind posted in Threat Bulletin, Banking, Android, Trojan, Botnet, Mobile, POISON, Nexus, Banker, SOVA

0 Comments

Related Families: SOVA
Verticals Targeted: Financial, Cryptocurrency 

Read More

Trigonia Ransomware

Mar 31, 2023 2:10:27 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Trigonia, crylock

0 Comments

Related Families: CryLock
Verticals Targeted: Manufacturing, Finance, Construction, Agriculture, Marketing, Technology

Read More

CatB Ransomware

Mar 28, 2023 3:49:33 PM / by The Hivemind posted in Threat Bulletin, Ransomware, CatB, CatB99, Baxtoy, Pandora

0 Comments

Related Families: Pandora

Executive Summary

Sentinel One recently reported on CatB ransomware. CatB, also known as CatB99 or Baxtoy, was first seen in the wild in late 2022.

Read More

YoroTrooper Targeting Energy & Government Entities

Mar 24, 2023 2:58:36 PM / by The Hivemind posted in Threat Bulletin, Government, Healthcare, YoroTrooper, CIS, Energy

0 Comments

Related Families: Custom Python tools, AveMaria, Warzone RAT, LodaRAT, Stink
Verticals Targeted: Energy, Government, Healthcare


Executive Summary

YoroTrooper is a threat actor group observed targeting energy and government entities and an EU healthcare organization. Although YoroTrooper uses commodity and open-source tools, most of their final payloads are custom developed.

Read More

Cyberstanc promoted to Arbiter in the PolySwarm Marketplace

Mar 22, 2023 12:46:51 PM / by PolySwarm Tech Team posted in Partner, Engine, Arbiter

0 Comments



“We are excited to promote Cyberstanc as the next Arbiter in the PolySwarm Marketplace. The Cyberstanc Engine has proven itself in the PolySwarm Marketplace to be reliable and accurate for the past 2.5 years. Their unique malware detection and threat intelligence insights will continue to support PolySwarm’s crowdsourced ecosystem of innovative anti-malware engines in their fight against malware.” - Steve Bassi, CEO of PolySwarm.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts