Manjusaka Framework
Aug 11, 2022 2:51:07 PM / by PolySwarm Tech Team posted in Threat Bulletin, China, Cobalt Strike, Manjusaka, Silver
Executive Summary
Cisco Talos recently reported on a campaign leveraging Manjusaka, a new attack framework being used in the wild that is advertised as an alternative to Cobalt Strike or Sliver.
Space Pirates Target Russian Aerospace
May 25, 2022 2:37:46 PM / by PolySwarm Tech Team posted in Russia, China, Aerospace, Downloader.Climax.B, Plug X, Space Pirates, MyKLoadClient, Zupdax, Downloader.Climax.A, RTLShare, BH_A006, Deed RAT
Background
Positive Technologies recently reported on an espionage campaign in which a previously unknown threat actor group targeted the Russian aerospace industry. Researchers at Positive Technologies dubbed the group Space Pirates.
BPFDoor Targets Linux Systems
May 20, 2022 2:44:39 PM / by PolySwarm Tech Team posted in Threat Bulletin, China, Linux, Red Menshen, BPFDoor, Telecommunications
Background
PwC Threat Intelligence recently reported on BPFDoor, a passive network implant for Linux targeting telecommunications providers. The activity was attributed to the China-nexus threat actor group Red Menshen.
Daxin Backdoor
Mar 4, 2022 2:06:59 PM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, China, Owlproxy, Daxin
Background
Symantec recently published research on the Daxin backdoor, which they called the “most advanced” malware they have seen from Chinese threat actors.
Wicked Panda’s ShadowPad RAT
Feb 28, 2022 2:31:59 PM / by PolySwarm Tech Team posted in Threat Bulletin, APT41, Shadow Pad, China, Winnti, Axiom