The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Earth Lusca's SprySOCKS Linux Backdoor

Sep 25, 2023 2:06:11 PM / by The Hivemind posted in Threat Bulletin, Espionage, Government, Linux, Backdoor, Mandibule, SprySOCKS, Earth Lusca, Aquatic Panda

0 Comments

Related Families: Mandibule, Cobalt Strike, Trochilus, RedLeaves
Verticals Targeted: Government 

Read More

BadBazaar Spyware Variants Delivered Via Trojanized Android Apps

Sep 11, 2023 3:07:00 PM / by The Hivemind posted in Threat Bulletin, Espionage, Android, Mobile, BadBazaar, GREF

0 Comments

Executive Summary

Two GREF espionage campaigns used trojanized Android apps to deliver BadBazaar spyware variants.

Read More

PicassoLoader

Jul 21, 2023 2:15:50 PM / by The Hivemind posted in Ukraine, Threat Bulletin, Espionage, Belarus, Poland, PicassoLoader, GhostWriter

0 Comments

Verticals Targeted: Government, Military, Various

Executive Summary

PicassoLoader, a downloader, was observed targeting government, military, and civilian entities in Ukraine and Poland. CERT-UA attributed this activity to GhostWriter.

Read More

Cadet Blizzard

Jun 23, 2023 2:09:27 PM / by The Hivemind posted in Russia, Threat Bulletin, Espionage, WhisperGate, Cadet Blizzard, Disruption

0 Comments

Related Families: WhisperGate
Verticals Targeted: Government, Law Enforcement, Non-profits, Information Technology, Emergency Services

Executive Summary

Cadet Blizzard is a Russia nexus state-sponsored threat actor group with potential ties to the GRU. However, their activity seems to be distinct from other GRU-associated threat actor groups. 

Read More

AhRAT

Jun 2, 2023 2:04:00 PM / by The Hivemind posted in Espionage, Android, RAT, AhMyth, AhRAT

0 Comments

Related Families: AhMyth

Executive Summary

AhRAT, an Android RAT, was disguised as the iRecorder app. This malicious version of the iRecorder app is capable of recording audio and exfiltrating files from a victim’s device.

Read More

PingPull Linux Variant

May 8, 2023 3:05:38 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, PingPull, Gallium, RAT, Sword2033

0 Comments

Related Families: Sword2033

Executive Summary

China nexus threat actor group Gallium was recently observed using a new Linux variant of PingPull in an espionage campaign.

Read More

Recent Turla Activity Targeting Ukraine

Jan 19, 2023 12:39:38 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Venomous Bear, Andromeda, Kopiluwak, Turla, QuietCanary

0 Comments

Related Families: Andromeda, Kopiluwak, QuietCanary

Executive Summary

Mandiant recently reported on a Turla campaign targeting Ukraine. The threat actors used multiple malware families in this campaign, including Kopiluwak, QuietCanary, and Andromeda.

Read More

Winnti Targets Hong Kong With Spyder Loader

Nov 7, 2022 1:37:10 PM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, APT41, Wicked Panda, China, Winnti, Loader, Spyder Loader

0 Comments

Verticals Targeted: Government

Executive Summary

Symantec recently reported on Spyder Loader, a tool used by Chinese nexus state-sponsored threat actor group Winnti to target government entities in Hong Kong.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More