The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

RustDoor MacOS Backdoor

Feb 26, 2024 11:51:18 AM / by The Hivemind posted in Threat Bulletin, Ransomware, ALPHV, Backdoor, MacOS, Mac, Apple, RustDoor, GateDoor

0 Comments

Related Families: GateDoor
Verticals Targeted: Cryptocurrency

Executive Summary

RustDoor is a new MacOS backdoor written in Rust. RustDoor was observed targeting companies in the cryptocurrency sector.

Read More

PurpleFox Botnet Targeting Entities in Ukraine

Feb 16, 2024 11:44:26 AM / by The Hivemind posted in Ukraine, Threat Bulletin, Backdoor, Trojan, Botnet, rootkit, Exploit Kit, PurpleFox

0 Comments

Executive Summary

Read More

ColdRiver Using Spica Backdoor

Feb 2, 2024 1:06:16 PM / by The Hivemind posted in Russia, Threat Bulletin, Backdoor, Spica, ColdRiver

0 Comments

Executive Summary

Russia nexus threat actor group ColdRiver was recently observed using Spica backdoor in an espionage campaign.

Read More

SpectralBlur MacOS Backdoor

Jan 19, 2024 2:03:16 PM / by The Hivemind posted in Threat Bulletin, Backdoor, MacOS, Stardust Chollima, SpectralBlur, KandyKorn

0 Comments

Related Families: KandyKorn

Executive Summary

SpectralBlur is a fairly unsophisticated backdoor targeting MacOS devices. It has been attributed to Stardust Chollima.

Read More

Xamalicious Android Backdoor

Jan 16, 2024 7:42:21 AM / by The Hivemind posted in Threat Bulletin, Android, Backdoor, Mobile, Xamalicious

0 Comments

Executive Summary

Read More

Stealth Falcon's Deadglyph Backdoor

Oct 6, 2023 1:42:37 PM / by The Hivemind posted in Threat Bulletin, Middle East, Backdoor, Stealth Falcon, Deadglyph, UAE

0 Comments

Verticals Targeted: Government 

Executive Summary

Deadglyph is a backdoor used by the Stealth Falcon threat actor group for espionage operations targeting entities in the Middle East.

Read More

Earth Lusca's SprySOCKS Linux Backdoor

Sep 25, 2023 2:06:11 PM / by The Hivemind posted in Threat Bulletin, Espionage, Government, Linux, Backdoor, Mandibule, SprySOCKS, Earth Lusca, Aquatic Panda

0 Comments

Related Families: Mandibule, Cobalt Strike, Trochilus, RedLeaves
Verticals Targeted: Government 

Executive Summary

China nexus threat actor group Earth Lusca was observed using a Linux-based backdoor dubbed SprySOCKS to target government entities.

Read More

The Evolution of BPFDoor

Jul 28, 2023 2:38:39 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Red Menshen, BPFDoor

0 Comments

Executive Summary

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More