The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

HZ Rat MacOS Variant

Sep 13, 2024 2:19:08 PM / by The Hivemind posted in Threat Bulletin, Backdoor, RAT, MacOS, HZ Rat

Executive Summary

A MacOS variant of HZ Rat was recently discovered targeting messaging apps in China. HZ Rat is a basic backdoor, and shell commands received from the C2 provide additional functionality.

Voldemort

Sep 9, 2024 12:52:20 PM / by The Hivemind posted in Threat Bulletin, Espionage, Backdoor, Voldemort

Verticals Targeted: Insurance, Aerospace, Transportation, Education, Finance, Technology, Healthcare, Automotive, Hospitality, Energy, Government, Media, Manufacturing, Telecommunications 

Executive Summary

An espionage campaign delivering the Voldemort backdoor was recently observed targeting over 70 organizations. The campaign uses a novel attack chain to deliver the malware, leveraging Google Sheets for command and control (C2).

BitSloth

Aug 9, 2024 2:44:04 PM / by The Hivemind posted in Threat Bulletin, Windows, Backdoor, BITS, BitSloth

Verticals Targeted: Government 

Executive Summary

BitSloth is a recently discovered Windows backdoor that uses a built-in feature called Background Intelligent Transfer Service (BITS) for C2.

BadSpace Backdoor

Jun 25, 2024 1:23:38 PM / by The Hivemind posted in Threat Bulletin, Backdoor, BadSpace, WarmCookie, SocGholish

Executive Summary

BadSpace, also known as WarmCookie, is a novel backdoor delivered via a multistage attack leveraging infected websites.

BloodAlchemy Targeted Government Entities in Asia

Jun 3, 2024 1:36:40 PM / by The Hivemind posted in Threat Bulletin, Government, China, Backdoor, Deed RAT, Asia, APAC, ShadowPad, BloodAlchemy

Related Families: ShadowPad, Deed RAT
Verticals Targeted: Government 

Ebury Compromised 400K Linux Servers

May 20, 2024 2:59:44 PM / by The Hivemind posted in Threat Bulletin, Stealer, Linux, Backdoor, Cryptocurrency, Ebury, HelimodSteal, HelimodProxy, HelimodRedirect

Related Families: HelimodSteal, HelimodProxy, HelimodRedirect

Executive Summary

A longstanding botnet campaign is known to deliver Ebury, an OpenSSH backdoor and credential stealer.

Evasive Panda's Nightdoor Backdoor

Mar 22, 2024 2:57:50 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Evasive Panda, Nightdoor, MgBot

Related Families: MgBot

Executive Summary

Evasive Panda was recently observed targeting Tibetans using a combination of strategic web compromise and supply chain attacks to deliver Nightdoor.

KrustyLoader Backdoor

Mar 11, 2024 3:09:11 PM / by The Hivemind posted in Threat Bulletin, Windows, Linux, Backdoor, KrustyLoader, Avanti, UNC5221

Verticals Targeted: Government, Defense, Finance, Technology, Telecommunications, Aerospace, Pharmaceuticals  

Executive Summary

Multiple industry sources recently reported on KrustyLoader, a Rust-based backdoor with both Windows and Linux variants.
