The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Emotet’s New TTPs

Feb 13, 2023 12:26:57 PM / by The Hivemind posted in Threat Bulletin, IcedID, Bumblebee, Emotet, xls

0 Comments

Related Families: Bumblebee, IcedId
Verticals Targeted: Financial

Executive Summary

BlackBerry recently reported on Emotet’s new TTPs, including new email lures, IcedID, and Bumblebee as secondary payloads and evasion methods.

Read More

Mimic Ransomware

Feb 7, 2023 12:25:08 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Mimic, Everything.exe, Conti

0 Comments

Related Families: Conti

Executive Summary

Trend Micro recently reported on Mimic ransomware, a ransomware family that abuses Everything APIs.

Key Takeaways

Read More

Roaming Mantis Wroba.o Android Malware

Feb 3, 2023 1:20:46 PM / by The Hivemind posted in Threat Bulletin, Android, Shaoye, Xloader, Roaming Mantis, DNS, Wroba.o

0 Comments

Related Families: Wroba.o, Xloader

Executive Summary

Kaspersky SecureList recently reported on a Roaming Mantis campaign using Wroba.o with DNS hijacking to infect routers and Android devices.

Key Takeaways

Read More

Hook Android Banking Trojan

Jan 31, 2023 12:25:40 PM / by The Hivemind posted in Threat Bulletin, Banking, Android, RAT, Trojan, Hook, Ermac, DukeEugene

0 Comments

Related Families: Ermac
Verticals Targeted: Financial

Executive Summary

Threat Fabric recently reported on Hook, an Android banking trojan that is a fork of Ermac.

Read More

Malicious Lolip0p PyPI Packages Drop Wacatac

Jan 27, 2023 2:58:20 PM / by The Hivemind posted in Threat Bulletin, PyPI, Supply Chain Attack, Lolip0p, Wacatac

0 Comments

Related Families: Wacatac

Executive Summary

Fortinet recently reported on a supply chain attack in which threat actors leveraged a 0-day attack embedded in three PyPI packages to deliver Wacatac.

Read More

Fake Cracked Software Sites Delivering Stealers

Jan 24, 2023 11:02:41 AM / by PolySwarm Tech Team posted in Threat Bulletin, Stealer, Infostealer, Racoon

0 Comments

Related Families: Raccoon, Vidar

Executive Summary

Sekoia recently reported on a campaign leveraging fake cracked software sites to deliver information stealers, including Raccoon and Vidar.

Read More

Recent Turla Activity Targeting Ukraine

Jan 19, 2023 12:39:38 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Venomous Bear, Andromeda, Kopiluwak, Turla, QuietCanary

0 Comments

Related Families: Andromeda, Kopiluwak, QuietCanary

Executive Summary

Mandiant recently reported on a Turla campaign targeting Ukraine. The threat actors used multiple malware families in this campaign, including Kopiluwak, QuietCanary, and Andromeda.

Read More

2023 Malware to Watch

Jan 17, 2023 1:31:56 PM / by The Hivemind posted in Threat Bulletin, Malware, 2023, Threat Landscape

0 Comments



Executive Summary

This threat bulletin features PolySwarm’s top malware to watch in 2023, as chosen by our analysts.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More