The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

New Armageddon Activity Targets Ukraine

Sep 22, 2022 12:45:11 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Infostealer, Armageddon, Gameredon, Primitive Bear, Shuckworm

0 Comments



Executive Summary

Cisco Talos researchers recently reported on new activity perpetrated by Russian nexus threat actor group Armageddon. The group is using a new infostealer to target entities in Ukraine.

Key Takeaways

Read More

Kimsuky GoldDragon C2 Cluster

Sep 19, 2022 2:06:44 PM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, North Korea, Kimsuky, GoldDragon

0 Comments

Verticals Targeted: Think Tanks, Media, Government

Executive Summary

In early 2022, the North Korean threat actor group Kimsuky targeted a South Korean think tank and media entities. In this campaign, they leveraged what is known as the GoldDragon backdoor and associated C2 cluster.

Key Takeaways

Read More

Shikitega Linux Malware

Sep 15, 2022 1:51:05 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Shikitega, CVE-2021-4034, CVE-2021-3493

0 Comments



Executive Summary

In our 2021 Year in Review, we predicted a rise in Linux malware for 2022. AT&T Alien Labs recently reported on Shikitega, a new Linux malware with stealth capabilities.

Key Takeaways

Read More

DarkAngels Linux Ransomware

Sep 12, 2022 1:45:13 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, Linux, DarkAngels

0 Comments

Related families: Babuk

Executive Summary

Uptycs recently reported on a new DarkAngels Linux ransomware variant that appears to still be in development.

Read More

Charming Kitten Hyperscrape Tool

Sep 9, 2022 1:13:55 PM / by PolySwarm Tech Team posted in Threat Bulletin, Iran, Hyperscrape, Scraper, Charming Kitten, APT35

0 Comments



Executive Summary

Google’s Threat Analysis Group (TAG) recently reported on Hyperscrape, a new data extraction tool used by the Iranian nexus threat actor group Charming Kitten.

Key Takeaways

Read More

Agenda Ransomware

Sep 6, 2022 3:11:38 PM / by PolySwarm Tech Team posted in Threat Bulletin, Agenda Ransomware, GoLang

0 Comments

Related Families: Black Basta, Black Matter, REvil

Verticals Targeted: healthcare, education

Executive Summary

Trend Micro recently reported on Agenda Ransomware, a tailored ransomware written in GoLang.

Read More

Lightning Framework

Sep 1, 2022 12:30:19 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Lightning Framework

0 Comments



Executive Summary

Intezer recently reported on Lightning Framework, a Linux malware with modular plugins and the ability to install rootkits.

Key Takeaways

Read More

GwisinLocker

Aug 29, 2022 2:33:33 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, GwisinLocker, South Korea

0 Comments

Verticals Targeted: pharmaceutical, healthcare, industrial

Executive Summary

Ahnlab recently reported on GwisinLocker, a multi-platform ransomware targeting multiple verticals in South Korea.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More