The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Anatsa Android Banking Trojan

Jul 3, 2023 12:37:11 PM / by The Hivemind posted in Threat Bulletin, Banking, Financial, Android, Trojan, Banking Trojan, Anatsa

0 Comments

Verticals Targeted: Financial 

Executive Summary

Anatsa is a banking trojan targeting Android devices that is distributed through the Google Play store, disguised as a seemingly innocuous app.

Read More

Condi DDoS Botnet

Jun 30, 2023 3:05:33 PM / by The Hivemind posted in Threat Bulletin, DDoS, Mirai, Botnet, CVE-2023-1389, Condi

0 Comments

Related Families: Mirai

Executive Summary

Condi is a DDoS as a service botnet based on Mirai. It has been observed leveraging CVE-2023-1389 to propagate.

Read More

DcRAT Distributed Via Adult Content Themed Lures

Jun 26, 2023 1:57:42 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Infostealer, RAT, DcRAT, AsyncRAT

0 Comments

Related Families: AsyncRAT
Verticals Targeted: Consumer Services

Executive Summary

DcRAT is a clone of AsyncRAT and is used for remote access and stealing information. It also has ransomware capabilities. DcRAT has distributed via adult content-themed lures, including lures for OnlyFans pages.

Read More

Cadet Blizzard

Jun 23, 2023 2:09:27 PM / by The Hivemind posted in Russia, Threat Bulletin, Espionage, WhisperGate, Cadet Blizzard, Disruption

0 Comments

Related Families: WhisperGate
Verticals Targeted: Government, Law Enforcement, Non-profits, Information Technology, Emergency Services

Executive Summary

Cadet Blizzard is a Russia nexus state-sponsored threat actor group with potential ties to the GRU. However, their activity seems to be distinct from other GRU-associated threat actor groups. 

Read More

RedStinger Targets Critical Infrastructure

May 22, 2023 3:49:00 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Government, Critical Infrastructure, Transportation, Bad Magic

0 Comments

Related Families: DboxShell, PowerMagic
Verticals Targeted: Defense, Critical Infrastructure, Transportation 

Executive Summary

RedStinger, a relatively unknown threat actor group, targeted multiple entities in Ukraine, including those in the defense, transportation, and critical infrastructure verticals.

Read More

Winnti Subgroup Earth Longzhi Uses New TTPs

May 19, 2023 2:28:29 PM / by The Hivemind posted in Threat Bulletin, China, Winnti, TTPs, Stack Rumbling, Earth Longzhi

0 Comments

Related Families: Croxloader, SPHijacker, Behinder
Verticals Targeted: Government, Healthcare, Technology, Manufacturing

Executive Summary

Earth Longzhi, a Winnti subgroup, was recently observed using new TTPs, including a novel technique dubbed stack rumbling.

Read More

Reaper Uses New TTPs to Drop RokRAT

May 15, 2023 2:27:27 PM / by The Hivemind posted in Threat Bulletin, RokRAT, Reaper, Ricochet Chollima, LNK

0 Comments

Related Families: CloudMensis, RambleOn

Executive Summary

Reaper was recently observed using new TTPs to drop RokRAT. The infection chain leveraged LNK files delivered via the energy sector and politic

Read More

BlueNoroff's RustBucket MacOS Malware

May 12, 2023 3:48:04 PM / by The Hivemind posted in Threat Bulletin, Lazarus, North Korea, Financial, MacOS, Mac, RustBucket, BlueNoroff

0 Comments

Verticals Targeted: Financial

Executive Summary

North Korea nexus threat actor group BlueNoroff was recently observed using malware to target MacOS systems. Dubbed RustBucket, the malware can be used to communicate with the C2 to download and execute additional payloads.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More