The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

New BBTok Variant

Oct 2, 2023 2:44:45 PM / by The Hivemind posted in Threat Bulletin, Financial, Banker, Banking Trojan, BBTok, Latin America

0 Comments

Verticals Targeted: Financial

Executive Summary

BBTok, written in Delphi, is a banking trojan that has been active since at least 2020. A new variant was recently observed targeting financial entities in Latin America.

Read More

ShroudedSnooper Targeting Telecommunications in the Middle East

Sep 29, 2023 1:35:33 PM / by The Hivemind posted in Threat Bulletin, Middle East, Telecommunications, ShroudedSnooper, HTTPSnoop, PipeSnoop

0 Comments

Related Families: HTTPSnoop, PipeSnoop
Verticals Targeted: Telecommunications 

Executive Summary

ShroudedSnooper used the novel implants HTTPSnoop and PipeSnoop to target telecommunications entities in the Middle East.

Read More

Earth Lusca's SprySOCKS Linux Backdoor

Sep 25, 2023 2:06:11 PM / by The Hivemind posted in Threat Bulletin, Espionage, Government, Linux, Backdoor, Mandibule, SprySOCKS, Earth Lusca, Aquatic Panda

0 Comments

Related Families: Mandibule, Cobalt Strike, Trochilus, RedLeaves
Verticals Targeted: Government 

Executive Summary

China nexus threat actor group Earth Lusca was observed using a Linux-based backdoor dubbed SprySOCKS to target government entities.

Read More

ALPHV Hacks MGM Grand

Sep 22, 2023 2:31:31 PM / by The Hivemind posted in Threat Bulletin, Ransomware, ALPHV, Scattered Spider, MGM Grand, social engineering

0 Comments

Verticals Targeted: Gambling, Hospitality, Recreation

Executive Summary

MGM Resorts International was the victim of a recent cyber attack that impacted several systems, including its website, reservations, and in-casino services such as ATMs, slot machines, and credit card machines. ALPHV has taken credit for the attack.

Read More

Charming Kitten Using Sponsor Backdoor

Sep 18, 2023 2:00:54 PM / by The Hivemind posted in Threat Bulletin, Middle East, Iran, Charming Kitten, Sponsor

0 Comments

Verticals Targeted: Automotive, Communications, Engineering, Financial Services, Healthcare, Insurance, Legal, Manufacturing, Retail, Technology, Telecommunications

Executive Summary

Charming Kitten, an Iran nexus threat actor group, was recently observed using Sponsor backdoor to target at least 34 entities in Brazil, Israel, and UAE.

Read More

Mallox Ransomware

Sep 15, 2023 2:00:19 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Mallox, Remcos RAT

0 Comments

Related Families: Remcos RAT, Metasploit
Verticals Targeted:  Manufacturing, Retail, Wholesale, Legal, Professional Services

Executive Summary

Mallox, also known as TargetCompany, FARGO, and Tohnichi, is a ransomware family targeting Windows systems, particularly unsecured MS-SQL servers, to compromise victim networks.

Read More

BadBazaar Spyware Variants Delivered Via Trojanized Android Apps

Sep 11, 2023 3:07:00 PM / by The Hivemind posted in Threat Bulletin, Espionage, Android, Mobile, BadBazaar, GREF

0 Comments

Executive Summary

Two GREF espionage campaigns used trojanized Android apps to deliver BadBazaar spyware variants.

Read More

Carderbee Targets Hong Kong in Supply Chain Attack

Sep 8, 2023 2:29:33 PM / by The Hivemind posted in Threat Bulletin, Carderbee, Korplug, PlugX

0 Comments

Related Families: Korplug, PlugX

Executive Summary

In a recent campaign, Carderbee targeted entities in Hong Kong and other regions of Asia via a supply chain attack leveraging the legitimate Cobra DocGuard software.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts