The PolySwarm Blog

TargetCompany Ransomware Linux Variant

Jun 10, 2024 2:25:02 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Asia, APAC, TargetCompany, ESXi

Verticals Targeted: Healthcare, Finance, Government, Manufacturing, Education, Information Technology, Retail, Transportation, Utilities, Telecommunications

Executive Summary

A new Linux variant of TargetCompany ransomware was recently discovered that uses a custom shell script to deliver and execute payloads in ESXi environments.

BloodAlchemy Targeted Government Entities in Asia

Jun 3, 2024 1:36:40 PM / by The Hivemind posted in Threat Bulletin, Government, China, Backdoor, Deed RAT, Asia, APAC, ShadowPad, BloodAlchemy

Related Families: ShadowPad, Deed RAT
Verticals Targeted: Government 

Mustang Panda Used DOPLUGS PlugX Variant to Target Asia

Mar 1, 2024 12:24:02 PM / by The Hivemind posted in Threat Bulletin, China, Asia, APAC, DOPLUGS, Mustang Panda, SMUGX

Related Families: KillSomeOne, PlugX, Hodur, REDDELTA

Executive Summary

Mustang Panda was observed leveraging DOPLUGS to target entities in Asia. DOPLUGS is a custom PlugX variant.

2023 Recap - Threat Actor Activity Highlights - North Korea

Dec 15, 2023 1:37:07 PM / by The Hivemind posted in Threat Bulletin, North Korea, APAC, 2023 Recap, Chollima

Executive Summary

Several high-profile North Korea nexus threat actor groups have been active in 2023. Reported activities include but are not limited to supply chain attacks, targeting of cryptocurrency, and proliferation of macOS malware. In this report, PolySwarm highlights cyber activity perpetrated by North Korea nexus threat actor groups in 2023.

PolySwarm 2022 Recap - Threat Actor Activity Highlights: China

Dec 27, 2022 11:35:41 AM / by PolySwarm Tech Team posted in Threat Bulletin, China, 2022 Recap, Asia, APAC

Executive Summary

This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report provides highlights of activity perpetrated by China-based threat actors in 2022.

Key Takeaways

  • This report highlights activity perpetrated by China-based threat actors in 2022.
  • Threat actors featured in this report include Keyhole Panda, Stone Panda, Deep Panda, Twisted Panda, Vixen Panda, Pirate Panda, Aquatic Panda, Wicked Panda, Mustang Panda, Emissary Panda, Kryptonite Panda, Lotus Panda, TA410, Red Menshen, Scarab, Aoqin Dragon, and Lotus Blossom.
  • PolySwarm tracked malware associated with multiple China nexus threat actors in 2022.

PolySwarm 2022 Recap - Threat Actor Activity Highlights: North Korea

Dec 21, 2022 1:28:03 PM / by PolySwarm Tech Team posted in Threat Bulletin, North Korea, 2022 Recap, Asia, APAC

Executive Summary

This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report highlights the activity perpetrated by North Korea-based threat actors in 2022.


Key Takeaways

  • This report provides highlights of activity perpetrated by North Korea-based threat actors in 2022.
  • Threat actors featured in this report include Lazarus Group, BlueNoroff, Reaper, Andariel, Kimsuky, Gwisin, and H0ly Gh0st. 
  • PolySwarm tracked malware associated with multiple North Korea nexus threat actors in 2022.
