The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Muddy Water Uses SloughRAT in Recent Campaigns

Mar 17, 2022 10:21:56 AM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, Iran, Muddy Water, Static Kitten, SloughRAT, Canopy

0 Comments



Background

Iranian threat actor group Muddy Water has been very active in the last few months. In February, CISA issued an
alert warning that the group was conducting a campaign targeting global government and commercial networks. Earlier this month, Cisco’s Talos Intelligence published a blog post on Muddy Water activity targeting Turkey and other countries.

Read More

Daxin Backdoor

Mar 4, 2022 11:06:59 AM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, China, Owlproxy, Daxin

0 Comments



Background


Symantec recently published research on Daxin backdoor, which they called the “most advanced” malware they have seen from Chinese threat actors.

Read More

Mythic Leopard Uses CapraRAT to Target Indian Government Officials

Feb 22, 2022 12:20:55 PM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, India, APT36, Android, Pakistan, Mythic Leopard, CapraRAT

0 Comments

PolySwarm Threat Bulletin


Background


Cyble recently released a deep dive analysis of Mythic Leopard espionage activity leveraging CapraRAT Android spyware. This campaign targeted Indian government officials.

Read More

PolySwarm Threat Bulletin: Molerats NimbleMamba Espionage Campaign Targeting MENA Countries

Feb 16, 2022 11:55:24 AM / by PolySwarm Tech Team posted in Threat Bulletin, Middle East, Molerats, Espionage, Gaza, Gaza Cyber Gang, Nimblemamba

0 Comments


Background

Proofpoint recently posted their findings on a Molerats espionage campaign leveraging a new implant dubbed NimbleMamba. In this campaign, Molerats employed a complex attack chain that uses a combination of geofencing and URL redirects to legitimate sites to evade detection. Targets of this campaign included Middle Eastern governments, foreign policy think tanks, and an airline.
Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts