The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Stealth Falcon's Deadglyph Backdoor

Oct 6, 2023 1:42:37 PM / by The Hivemind posted in Threat Bulletin, Middle East, Backdoor, Stealth Falcon, Deadglyph, UAE

0 Comments

Verticals Targeted: Government 

Executive Summary

Deadglyph is a backdoor used by the Stealth Falcon threat actor group for espionage operations targeting entities in the Middle East.

Read More

Earth Lusca's SprySOCKS Linux Backdoor

Sep 25, 2023 2:06:11 PM / by The Hivemind posted in Threat Bulletin, Espionage, Government, Linux, Backdoor, Mandibule, SprySOCKS, Earth Lusca, Aquatic Panda

0 Comments

Related Families: Mandibule, Cobalt Strike, Trochilus, RedLeaves
Verticals Targeted: Government 

Executive Summary

China nexus threat actor group Earth Lusca was observed using a Linux-based backdoor dubbed SprySOCKS to target government entities.

Read More

The Evolution of BPFDoor

Jul 28, 2023 2:38:39 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Red Menshen, BPFDoor

0 Comments

Executive Summary

Read More

Fin8 Using Sardonic Backdoor

Jul 24, 2023 2:44:05 PM / by The Hivemind posted in Threat Bulletin, ALPHV, Backdoor, Fin8, Sardonic

0 Comments

Related Families: ALPHV

Executive Summary

Fin8 was observed leveraging Sardonic backdoor to deliver ALPHV ransomware. 

Read More

Vixen Panda's Graphican Backdoor

Jul 17, 2023 2:08:32 PM / by The Hivemind posted in Threat Bulletin, Financial, Government, China, Backdoor, Vixen Panda, Graphican

0 Comments

Related Families: Ketrican, BS2005
Verticals Targeted: Government, Financial

Executive Summary

Vixen Panda was recently observed using the Graphican backdoor to target government, financial, and other entities in the Americas and Europe. It is based on Ketrican and is one of many tools in Vixen Panda’s arsenal.

Read More

SideWinder WarHawk Backdoor

Oct 31, 2022 1:16:52 PM / by PolySwarm Tech Team posted in Threat Bulletin, India, Pakistan, Backdoor, Sidewinder, WarHawk

0 Comments



Executive Summary

Zscaler recently reported on WarHawk, a new backdoor used by the Indian threat actor group SideWinder.

Read More

SideWalk Linux Variant

Oct 3, 2022 3:59:17 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Backdoor, SparklingGoblin, SideWalk

0 Comments

Related Families: Specter RAT, SideWalk (Windows)
Verticals Targeted: Education

Executive Summary

ESET recently reported on a SideWalk Linux variant. SideWalk is a backdoor used by the SparklingGoblin threat actor group.

Read More

SessionManager Targets Governments and NGOs

Jul 8, 2022 2:33:33 PM / by PolySwarm Tech Team posted in Threat Bulletin, Government, Backdoor, SessionManager, NGO, IIS

0 Comments



Executive Summary

Kaspersky recently reported on SessionManager, a difficult to detect backdoor targeting governments and NGOs in multiple countries.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts