Pymafka Targets macOS, Windows, Linux
Jun 17, 2022 11:17:39 AM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, Linux, Python, Pymafka, Cobalt Strike
Executive Summary
Sonatype recently reported on Pymafka, a malicious Python package in the PyPI registry that drops Cobalt Strike on macOS, Windows, and Linux.
Follina MSDT Vulnerability (CVE-2022-30190)
Jun 6, 2022 10:54:53 AM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, Follina, CVE-2022-30190, MS Office, MSDT
Background
Microsoft recently published an advisory on a newly identified zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT). The vulnerability, CVE-2022-30190, is being exploited in the wild and has been dubbed Follina by security researcher Kevin Beaumont.
AvosLocker Ransomware
Mar 18, 2022 10:31:01 AM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, AvosLocker, Linux
Background
Qualys recently published a blog post on AvosLocker ransomware, which targets both Windows and Linux operating systems.
RedLine Stealer Delivered Via Fake Windows 11 Update
Mar 14, 2022 10:27:00 AM / by PolySwarm Tech Team posted in Threat Bulletin, Malware, RedLine Stealer, Microsoft, Windows, Infostealer
Background
Last month HP published research on RedLine Stealer, an information stealer being delivered via fake Windows 11 updates. Almost a month later, RedLine Stealer remains active in the wild, with new samples surfacing over the past week.