The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Play Ransomware Linux Variant Discovered

Jul 26, 2024 3:02:38 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Play, ESXi

0 Comments

Executive Summary

A Linux variant of Play ransomware has been observed that is capable of targeting ESXi environments.

Read More

TargetCompany Ransomware Linux Variant

Jun 10, 2024 2:25:02 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Asia, APAC, TargetCompany, ESXi

0 Comments

Verticals Targeted: Healthcare, Finance, Government, Manufacturing, Education, Information Technology, Retail, Transportation, Utilities, Telecommunications

Executive Summary

A new Linux variant of TargetCompany ransomware was recently discovered that uses a custom shell script to deliver and execute payloads in ESXi environments.

Read More

Velvet Chollima Using Gomir Linux Backdoor

May 24, 2024 11:58:05 AM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Linux, Kimsuky, GoBear, Velvet Chollima, Gomir, Troll Stealer

0 Comments

Related Families: GoBear, Troll Stealer, BetaSeed, Endor
Verticals Targeted: Government 

Executive Summary

North Korea nexus threat actor group Velvet Chollima was observed using a new Linux backdoor, dubbed Gomir, to target entities in South Korea.

Read More

Ebury Compromised 400K Linux Servers

May 20, 2024 2:59:44 PM / by The Hivemind posted in Threat Bulletin, Stealer, Linux, Backdoor, Cryptocurrency, Ebury, HelimodSteal, HelimodProxy, HelimodRedirect

0 Comments

Related Families: HelimodSteal, HelimodProxy, HelimodRedirect

Executive Summary

A longstanding botnet campaign is known to deliver Ebury, an OpenSSH backdoor and credential stealer.

Read More

Cerber Ransomware Linux Variant Exploiting CVE-2023-22518

Apr 22, 2024 2:02:42 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Cerber, CVE-2023-22518, Confluence

0 Comments

Related Families: Effluence

Executive Summary

A Linux variant of Cerber ransomware was observed exploiting CVE-2023-22518, a vulnerability affecting Atlassian Confluence.

Read More

AcidPour Wiper Targets Linux x86 Devices

Mar 29, 2024 12:44:53 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Linux, AcidRain, AcidPour, x86

0 Comments

Related Families: AcidRain
Verticals Targeted: Telecommunications 

Executive Summary

AcidPour, a variant of AcidRain, was recently observed targeting entities in Ukraine. The targets likely included telecommunications entities.

Read More

KrustyLoader Backdoor

Mar 11, 2024 3:09:11 PM / by The Hivemind posted in Threat Bulletin, Windows, Linux, Backdoor, KrustyLoader, Avanti, UNC5221

0 Comments

Verticals Targeted: Government, Defense, Finance, Technology, Telecommunications, Aerospace, Pharmaceuticals  

Executive Summary

Multiple industry sources recently reported on KrustyLoader, a Rust-based backdoor with both Windows and Linux variants.

Read More

Volt Typhoon's KV-Botnet

Jan 22, 2024 1:38:21 PM / by The Hivemind posted in Threat Bulletin, APT, Critical Infrastructure, China, Linux, Volt Typhoon, KV-Botnet

0 Comments

Verticals Targeted: Government

Executive Summary

Volt Typhoon was observed compromising Cisco RV325 devices with KV-Botnet.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More