Mar 10, 2023 12:13:45 PM / by The Hivemind posted in Threat Bulletin, Windows, UEFI, CVE-2022-21894, BlackLotus, Bootkit, Windows 11, Baton Drop
Executive Summary
BlackLotus is the first known bootkit to bypass UEFI Secure Boot on fully updated Windows 11 systems. It achieves the bypass by exploiting CVE-2022-21894, also known as Baton Drop.
Aug 8, 2022 3:41:00 PM / by PolySwarm Team posted in Threat Bulletin, Stealer, Windows, Rust, Luca Stealer
Executive Summary
Cyble recently reported on Luca Stealer, a Rust-based stealer malware targeting Windows.
Key Takeaways
Aug 1, 2022 2:21:21 PM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, LNK Worm, Raspberry Robin, QNAP
Executive Summary
Cybereason recently reported on Raspberry Robin, a worm that uses LNK shortcuts to lure victims and leverages compromised QNAP devices as stagers.
Jul 5, 2022 3:33:54 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, Windows, Linux, Black Basta, Qbot
Executive Summary
Cybereason recently reported on Black Basta ransomware, which had claimed around 50 victims at the time of reporting, making it a prominent threat.
Jun 17, 2022 2:17:39 PM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, Linux, Python, Pymafka, Cobalt Strike
Executive Summary
Sonatype recently reported on Pymafka, a malicious Python package in the PyPI registry that drops Cobalt Strike on macOS, Windows, and Linux.
Jun 6, 2022 1:54:53 PM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, Follina, CVE-2022-30190, MS Office, MSDT
Background
Microsoft recently published an advisory on a newly identified zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT). The vulnerability, CVE-2022-30190, is being exploited in the wild and has been dubbed Follina by security researcher Kevin Beaumont.
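As an added example (not part of the PolySwarm bulletin or of Microsoft's advisory text), the following PowerShell checks whether the ms-msdt: protocol handler is still registered and applies the workaround Microsoft published for CVE-2022-30190: export the HKEY_CLASSES_ROOT\ms-msdt key as a backup, then delete it. The backup file location is an assumption chosen for this example.

```powershell
# Added example: detect and remove the ms-msdt: protocol handler.
# Microsoft's published workaround for CVE-2022-30190 (Follina) was to back up
# and delete HKEY_CLASSES_ROOT\ms-msdt. Run from an elevated PowerShell prompt.
# The backup path below is an assumption; adjust it for your environment.

$KeyPath    = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
$BackupFile = Join-Path $env:SystemDrive 'ms-msdt-backup.reg'   # assumed location

function Test-MsdtHandler {
    # Returns $true when the ms-msdt: URI handler is registered (workaround not applied).
    return Test-Path -Path $KeyPath
}

function Disable-MsdtHandler {
    if (-not (Test-MsdtHandler)) {
        Write-Output 'ms-msdt handler not present; nothing to do.'
        return
    }
    # Export first so the key can be restored with "reg import" once the fix is installed.
    & reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Export of ms-msdt key failed (exit $LASTEXITCODE)" }
    & reg.exe delete 'HKEY_CLASSES_ROOT\ms-msdt' /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Deletion of ms-msdt key failed (exit $LASTEXITCODE)" }
    Write-Output "ms-msdt handler removed; backup written to $BackupFile"
}

Disable-MsdtHandler
# Re-check: expected to return False after the key is removed.
Test-MsdtHandler
```

The export step matters: once the security update that addresses CVE-2022-30190 is installed, the handler can be restored with `reg import` from the backup file, so diagnostic troubleshooters keep working.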
Mar 18, 2022 1:31:01 PM / by PolySwarm Tech Team posted in Threat Bulletin, Windows, AvosLocker, Linux
Background
Qualys recently published a blog post on AvosLocker ransomware, which targets both Windows and Linux operating systems.
Mar 14, 2022 1:27:00 PM / by PolySwarm Tech Team posted in Threat Bulletin, Malware, RedLine Stealer, Microsoft, Windows, Infostealer
Background
Last month HP published research on RedLine Stealer, a stealer malware being delivered via fake Windows 11 updates. Almost a month later, RedLine Stealer remains active in the wild, with new samples surfacing over the past week.