The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

The Evolution of BPFDoor

Jul 28, 2023 2:38:39 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Red Menshen, BPFDoor

0 Comments

Executive Summary

Read More

Fin8 Using Sardonic Backdoor

Jul 24, 2023 2:44:05 PM / by The Hivemind posted in Threat Bulletin, ALPHV, Backdoor, Fin8, Sardonic

0 Comments

Related Families: ALPHV

Executive Summary

Fin8 was observed leveraging Sardonic backdoor to deliver ALPHV ransomware. 

Read More

PicassoLoader

Jul 21, 2023 2:15:50 PM / by The Hivemind posted in Ukraine, Threat Bulletin, Espionage, Belarus, Poland, PicassoLoader, GhostWriter

0 Comments

Verticals Targeted: Government, Military, Various

Executive Summary

PicassoLoader, a downloader, was observed targeting government, military, and civilian entities in Ukraine and Poland. CERT-UA attributed this activity to GhostWriter.

Read More

Vixen Panda's Graphican Backdoor

Jul 17, 2023 2:08:32 PM / by The Hivemind posted in Threat Bulletin, Financial, Government, China, Backdoor, Vixen Panda, Graphican

0 Comments

Related Families: Ketrican, BS2005
Verticals Targeted: Government, Financial

Executive Summary

Vixen Panda was recently observed using the Graphican backdoor to target government, financial, and other entities in the Americas and Europe. It is based on Ketrican and is one of many tools in Vixen Panda’s arsenal.

Read More

CVE-2022-31199 Used in Truebot Attacks

Jul 14, 2023 2:36:23 PM / by The Hivemind posted in Threat Bulletin, Cl0p, Downloader, FlawedGrace, CVE-2022-31199, Truebot

0 Comments

Related Families: Cl0p

Executive Summary

New Truebot variants have been observed on victim machines that were compromised using CVE-2022-31199. The activity is targeting entities in

Read More

Anatsa Android Banking Trojan

Jul 3, 2023 12:37:11 PM / by The Hivemind posted in Threat Bulletin, Banking, Financial, Android, Trojan, Banking Trojan, Anatsa

0 Comments

Verticals Targeted: Financial 

Executive Summary

Anatsa is a banking trojan targeting Android devices that is distributed through the Google Play store, disguised as a seemingly innocuous app.

Read More

Condi DDoS Botnet

Jun 30, 2023 3:05:33 PM / by The Hivemind posted in Threat Bulletin, DDoS, Mirai, Botnet, CVE-2023-1389, Condi

0 Comments

Related Families: Mirai

Executive Summary

Condi is a DDoS as a service botnet based on Mirai. It has been observed leveraging CVE-2023-1389 to propagate.

Read More

DcRAT Distributed Via Adult Content Themed Lures

Jun 26, 2023 1:57:42 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Infostealer, RAT, DcRAT, AsyncRAT

0 Comments

Related Families: AsyncRAT
Verticals Targeted: Consumer Services

Executive Summary

DcRAT is a clone of AsyncRAT and is used for remote access and stealing information. It also has ransomware capabilities. DcRAT has distributed via adult content-themed lures, including lures for OnlyFans pages.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More