The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

FickleStealer

Jun 28, 2024 3:08:23 PM / by The Hivemind posted in Threat Bulletin, Stealer, Infostealer, FickleStealer

0 Comments

Executive Summary

FickleStealer is a Rust-based stealer that targets Windows devices. It is distributed in a variety of ways and steals information, likely with the intent of using the information for follow-on attacks.

Read More

BadSpace Backdoor

Jun 25, 2024 1:23:38 PM / by The Hivemind posted in Threat Bulletin, Backdoor, BadSpace, WarmCookie, SocGholish

0 Comments

Executive Summary

BadSpace, also known as WarmCookie, is a novel backdoor delivered via a multistage attack leveraging infected websites.

Read More

DISGOMOJI Linux RAT Controlled Via Discord Emojis

Jun 24, 2024 3:02:07 PM / by The Hivemind posted in Threat Bulletin, Espionage, India, Pakistan, Government, RAT, Discord, DISGOMOJI

0 Comments

Verticals Targeted: Government

Executive Summary

DISGOMOJI is a RAT controlled via emojis sent over Discord. It was recently observed targeting government entities in India.

Read More

Cosmic Leopard Activity Targets Windows, MacOS, & Android

Jun 17, 2024 3:15:17 PM / by The Hivemind posted in Threat Bulletin, Android, Windows, MacOS, Cosmic Leopard, GravityRAT, Operation Celestial Force, HeavyLift, GravityAdmin

0 Comments

Related Families: GravityRAT, HeavyLift, GravityAdmin
Verticals Targeted: Defense, Government, Technology 

Executive Summary

Cosmic Leopard was observed targeting Windows, MacOS, and Android devices in a series of ongoing campaigns dubbed Operation Celestial Force. The threat actors used GravityRAT and HeavyLift to target entities in India.

Read More

RansomHub

Jun 14, 2024 2:22:45 PM / by The Hivemind posted in Threat Bulletin, Ransomware, RansomHub, Knight

0 Comments

Related Families: Knight
Verticals Targeted: Healthcare, Financial, Auction House, Technology, Government

Executive Summary

RansomHub, a ransomware as a service (RaaS), is an offshoot of Knight and has quickly become one of the most active ransomware families in 2024.

Read More

TargetCompany Ransomware Linux Variant

Jun 10, 2024 2:25:02 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Asia, APAC, TargetCompany, ESXi

0 Comments

Verticals Targeted: Healthcare, Finance, Government, Manufacturing, Education, Information Technology, Retail, Transportation, Utilities, Telecommunications

Executive Summary

A new Linux variant of TargetCompany ransomware was recently discovered that uses a custom shell script to deliver and execute payloads in ESXi environments.

Read More

New North Korean Threat Actor Group Moonstone Sleet

Jun 7, 2024 12:58:01 PM / by The Hivemind posted in Threat Bulletin, North Korea, MoonstoneSleet, YouieLoad, Threat Actor Profile, SplitLoader

0 Comments

Related Families: SplitLoader, YouieLoad
Verticals Targeted: Education, Software, Information Technology, Defense, Aerospace

Executive Summary

Moonstone Sleet is a newly identified North Korea nexus threat actor group. The group leverages a combination of commonly used North Korean threat actor TTPs, along with their own unique attack methodologies.

Read More

BloodAlchemy Targeted Government Entities in Asia

Jun 3, 2024 1:36:40 PM / by The Hivemind posted in Threat Bulletin, Government, China, Backdoor, Deed RAT, Asia, APAC, ShadowPad, BloodAlchemy

0 Comments

Related Families: ShadowPad, Deed RAT
Verticals Targeted: Government 

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More