The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

CatB Ransomware

Mar 28, 2023 3:49:33 PM / by The Hivemind posted in Threat Bulletin, Ransomware, CatB, CatB99, Baxtoy, Pandora

0 Comments

Related Families: Pandora

Executive Summary

Sentinel One recently reported on CatB ransomware. CatB, also known as CatB99 or Baxtoy, was first seen in the wild in late 2022.

Read More

YoroTrooper Targeting Energy & Government Entities

Mar 24, 2023 2:58:36 PM / by The Hivemind posted in Threat Bulletin, Government, Healthcare, YoroTrooper, CIS, Energy

0 Comments

Related Families: Custom Python tools, AveMaria, Warzone RAT, LodaRAT, Stink
Verticals Targeted: Energy, Government, Healthcare


Executive Summary

YoroTrooper is a threat actor group observed targeting energy and government entities and an EU healthcare organization. Although YoroTrooper uses commodity and open-source tools, most of their final payloads are custom developed.

Read More

Exfiltrator-22 Framework

Mar 21, 2023 2:09:02 PM / by The Hivemind posted in Threat Bulletin, LockBit, Lockbit 3.0, Exfiltrator-22, EX-22, framework

0 Comments

Related Families: LockBit, LockBit 3.0
Verticals Targeted: Multiple 

Executive Summary

CYFIRMA recently reported on Exfiltrator-22, also known as EX-22, a new post-exploitation framework capable of spreading ransomware while evading detection.

Key Takeaways

  • Exfiltrator-22, also known as EX-22, is a new post-exploitation framework capable of spreading ransomware while evading detection. 
  • Exfiltrator-22, which is a framework-as-a-service, is designed to primarily target corporate networks.
  • Analysts at CYFIRMA have linked Exfiltrator-22 to former LockBit 3.0 affiliates.

Read More

IceFire Ransomware Linux Variant

Mar 17, 2023 2:56:51 PM / by The Hivemind posted in Threat Bulletin, Ransomware, IceFire, CVE-2022-47986

0 Comments

Verticals Targeted: media, entertainment

Executive Summary

Sentinel Labs recently reported on a new Linux variant of IceFire ransomware. The threat actors responsible for IceFire exploit CVE-2022-47986 to deploy the ransomware. 

Read More

SysUpdate Linux Variant

Mar 14, 2023 3:30:50 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, RAT, Trojan, SysUpdate, Iron Tiger, Emissary Panda, APT27

0 Comments

Verticals Targeted: Gambling

Executive Summary

Trend Micro recently reported on a new Linux variant of Emissary Panda’s SysUpdate. SysUpdate is one of Emissary Panda’s custom tools. 

Read More

BlackLotus UEFI Bootkit

Mar 10, 2023 12:13:45 PM / by The Hivemind posted in Threat Bulletin, Windows, UEFI, CVE-2022-21894, BlackLotus, Bootkit, Windows 11, Baton Drop

0 Comments

Executive Summary

BlackLotus is the first known bootkit to bypass UEFI Secure Boot on fully updated Windows 11 systems. It leverages CVE-2022-21894 to bypass UEFI Secure Boot.

Read More

Parallax RAT Targeting Crypto

Mar 7, 2023 11:36:09 AM / by The Hivemind posted in Threat Bulletin, Cryptocurrency, RAT, Parallax, ParallaxRat

0 Comments

Verticals Targeted: Cryptocurrency, DeFi, Finance 

Executive Summary

Uptycs recently reported on activity in which threat actors used Parallax RAT to target entities in the cryptocurrency sector.

Read More

Royal Ransomware Linux Variant

Mar 3, 2023 1:25:10 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Royal

0 Comments

Verticals Targeted: IT, Financial, Materials, Healthcare, Food Production 

Executive Summary

Trend Micro recently reported on a new Linux variant of Royal ransomware that targets Linux systems and  ESXi servers. Royal ransomware is yet another contender among the many ransomware families now targeting Linux systems.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More