The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

PicassoLoader

Jul 21, 2023 2:15:50 PM / by The Hivemind posted in Ukraine, Threat Bulletin, Espionage, Belarus, Poland, PicassoLoader, GhostWriter


Verticals Targeted: Government, Military, Various

Executive Summary

PicassoLoader, a downloader, was observed targeting government, military, and civilian entities in Ukraine and Poland. CERT-UA attributed this activity to GhostWriter.


RedStinger Targets Critical Infrastructure

May 22, 2023 3:49:00 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Government, Critical Infrastructure, Transportation, Bad Magic


Related Families: DboxShell, PowerMagic
Verticals Targeted: Defense, Critical Infrastructure, Transportation

Executive Summary

RedStinger, a relatively unknown threat actor group, targeted multiple entities in Ukraine, including those in the defense, transportation, and critical infrastructure verticals.


Recent Turla Activity Targeting Ukraine

Jan 19, 2023 12:39:38 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Espionage, Venomous Bear, Andromeda, Kopiluwak, Turla, QuietCanary


Related Families: Andromeda, Kopiluwak, QuietCanary

Executive Summary

Mandiant recently reported on a Turla campaign targeting Ukraine. The threat actors used multiple malware families in this campaign, including Kopiluwak, QuietCanary, and Andromeda.


PolySwarm 2022 Recap - War of the Wipers

Dec 15, 2022 1:04:25 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Wiper, 2022 Recap


Related Families: DoubleZero, IsaacWiper, HermeticWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, Azov, CryWiper

Verticals Targeted: defense, government, judicial, telecommunications, energy, non-profit

Executive Summary

In 2022, we observed a significant increase in the number of wiper malware families active in the wild. The majority of this activity appears to be motivated by or conducted in conjunction with the ongoing kinetic warfare taking place between Russia and Ukraine. In this report, we focus on wipers that seem to be connected to the Russia-Ukraine conflict.

Key Takeaways

  • In 2022, we observed a significant increase in the number of wiper malware families active in the wild. Many of these appear to be related to the Russia-Ukraine conflict.
  • These families include DoubleZero, HermeticWiper, IsaacWiper, CaddyWiper, WhisperGate, AcidRain, Industroyer2, Azov, and CryWiper.
  • The majority of these wiper families targeted entities in Ukraine, while at least one targeted entities in Russia.

Azov Ransomware Built to Wipe Data

Nov 17, 2022 1:36:37 PM / by PolySwarm Tech Team posted in Ukraine, Threat Bulletin, Ransomware, Azov

Executive Summary

Azov ransomware is a recently discovered malware family being distributed through pirated software, keygens, and adware bundles. It acts as a wiper and is capable of backdooring 64-bit executables. It also uses a unique pattern for overwriting files.


Prestige Ransomware

Nov 3, 2022 2:37:56 PM / by PolySwarm Tech Team posted in Ukraine, Threat Bulletin, Ransomware, Poland, Prestige


Verticals Targeted: Transportation, Logistics

Executive Summary

Microsoft Threat Intelligence Center recently reported on Prestige ransomware, a novel ransomware family used to target entities in Ukraine and Poland in October 2022.


New Armageddon Activity Targets Ukraine

Sep 22, 2022 12:45:11 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Infostealer, Armageddon, Gamaredon, Primitive Bear, Shuckworm

Executive Summary

Cisco Talos researchers recently reported on new activity by the Russia-nexus threat actor group Armageddon. The group is using a new infostealer to target entities in Ukraine.


New ArguePatch Variant Spotted

May 31, 2022 3:03:49 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, CaddyWiper, Industroyer2, Sandworm, Voodoobear, ArguePatch

Background

ESET recently tweeted about a new version of ArguePatch, a malware loader used by Voodoo Bear (Sandworm) in multiple attacks against Ukrainian assets. ESET also gave an overview of the new version of ArguePatch on its WeLiveSecurity blog.
