The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Prestige Ransomware

Nov 3, 2022 2:37:56 PM / by PolySwarm Tech Team posted in Ukraine, Threat Bulletin, Ransomware, Poland, Prestige

0 Comments

Verticals Targeted: Transportation, Logistics

Executive Summary

Microsoft Threat Intelligence Center recently reported on Prestige ransomware. A novel ransomware family used to target entities in Ukraine and Poland in October 2022.

Read More

SideWinder WarHawk Backdoor

Oct 31, 2022 1:16:52 PM / by PolySwarm Tech Team posted in Threat Bulletin, India, Pakistan, Backdoor, Sidewinder, WarHawk

0 Comments



Executive Summary

Zscaler recently reported on WarHawk, a new backdoor used by the Indian threat actor group SideWinder.

Read More

Cyber Threats to Aviation and Aerospace

Oct 25, 2022 5:02:07 PM / by PolySwarm Tech Team posted in Russia, Threat Bulletin, China, Ransomware, Aerospace, Hacktivism, Aviation, Data Theft, Killnet, Phishing

0 Comments



Executive Summary

The aviation and aerospace verticals face numerous challenges in the form of cyber threats. This report gives an overview of the different threat actor motivations to target aviation and aerospace and the types of threats to these verticals.

Read More

Earth Aughisky's Malware Arsenal

Oct 24, 2022 1:58:51 PM / by PolySwarm Tech Team posted in Threat Bulletin, Roudan, GrubbyRAT, Earth Aughisky, Taidoor, LuckDLL, Taikite, SiyBot, Taleret, Serkdes, Buxzop

0 Comments

Related Families: Roudan/Taidoor, LuckDLL, GrubbyRAT, Taikite, SiyBot, Taleret, Serkdes, Buxzop

Verticals Targeted: Government, Technology, Transportation, Telecommunications, Manufacturing, Healthcare, Heavy Industries

Executive Summary

Trend Micro recently reported on Earth Aughisky and the myriad of tools used by this threat actor group.

Read More

Emotet Observed Using New TTPs

Oct 20, 2022 11:06:46 AM / by PolySwarm Tech Team posted in Threat Bulletin, Banking, Loader, Trojan, Botnet, Emotet

0 Comments

Related Families: TrickBot, Ryuk, QakBot, Zloader, Quantum, BlackCat

Read More

RatMilad Android Spyware

Oct 17, 2022 11:17:37 AM / by PolySwarm Tech Team posted in Threat Bulletin, Android, Spyware, RatMilad

0 Comments

Executive Summary

Zimperium recently reported on RatMilad, spyware targeting Android devices.

Read More

Harly Android Trojan Subscriber

Oct 13, 2022 1:33:22 PM / by PolySwarm Tech Team posted in Threat Bulletin, Android, Harly, Subscriber, Trojan

0 Comments

Related Families: Jocker

Executive Summary

Kaspersky recently reported on Harly, a trojan subscriber targeting Android devices. Harly can subscribe a victim to a paid service without their knowledge or consent.

Key Takeaways

Read More

North Korean Threat Actors Living Off the Land

Oct 11, 2022 12:47:31 PM / by PolySwarm Tech Team posted in Threat Bulletin, Lazarus, North Korea, LoTL, APT 38, Living off the land, ZataNile, EventHorizon

0 Comments

Related Families: ZetaNile (BlindingCan), EventHorizon

Verticals Targeted: Media, Defense, IT Services, Aerospace

Executive Summary

Microsoft recently reported on North Korean threat actor group Lazarus using living off the land (LOTL) techniques to target multiple verticals. Weaponization of legitimate tools includes SSH clients PuTTY and KiTTY, as well as TightVNC Viewer, Sumatra PDF reader, and muPDF/Subliminal Recording installer.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More