The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Evasive Panda Updates Its Arsenal

Jul 29, 2024 2:04:16 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, Evasive Panda

0 Comments

Related Families: Macma, Suzafk
Verticals Targeted: NGO

Executive Summary

Evasive Panda recently updated its arsenal to include new TTPs and updated versions of existing malware. They were also observed using a shared framework for malware targeting Windows, Linux, MacOS, and Android systems.

Read More

BloodAlchemy Targeted Government Entities in Asia

Jun 3, 2024 1:36:40 PM / by The Hivemind posted in Threat Bulletin, Government, China, Backdoor, Deed RAT, Asia, APAC, ShadowPad, BloodAlchemy

0 Comments

Related Families: ShadowPad, Deed RAT
Verticals Targeted: Government 

Read More

Cuttlefish Targeting SOHO Routers

May 10, 2024 2:07:32 PM / by The Hivemind posted in Threat Bulletin, China, Cuttlefish, HiatusRat, SOHO routers

0 Comments

Related Families: HiatusRat
Targeted Verticals: Telecommunications, Various

Executive Summary

Cuttlefish is a recently discovered modular malware platform observed targeting networking equipment, including enterprise grade SOHO routers.

Read More

Evasive Panda's Nightdoor Backdoor

Mar 22, 2024 2:57:50 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Evasive Panda, Nightdoor, MgBot

0 Comments

Related Families: MgBot

Executive Summary

Evasive Panda was recently observed targeting Tibetans using a combination of strategic web compromise and supply chain attacks to deliver Nightdoor.

Read More

Mustang Panda Used DOPLUGS PlugX Variant to Target Asia

Mar 1, 2024 12:24:02 PM / by The Hivemind posted in Threat Bulletin, China, Asia, APAC, DOPLUGS, Mustang Panda, SMUGX

0 Comments

Related Families: KillSomeOne, PlugX, Hodur, REDDELTA

Executive Summary

Mustang Panda was observed leveraging DOPLUGS to target entities in Asia. DOPLUGS is a custom PlugX variant.

Read More

Volt Typhoon's KV-Botnet

Jan 22, 2024 1:38:21 PM / by The Hivemind posted in Threat Bulletin, APT, Critical Infrastructure, China, Linux, Volt Typhoon, KV-Botnet

0 Comments

Verticals Targeted: Government

Executive Summary

Volt Typhoon was observed compromising Cisco RV325 devices with KV-Botnet.

Read More

The Evolution of BPFDoor

Jul 28, 2023 2:38:39 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Red Menshen, BPFDoor

0 Comments

Executive Summary

Read More

Vixen Panda's Graphican Backdoor

Jul 17, 2023 2:08:32 PM / by The Hivemind posted in Threat Bulletin, Financial, Government, China, Backdoor, Vixen Panda, Graphican

0 Comments

Related Families: Ketrican, BS2005
Verticals Targeted: Government, Financial

Executive Summary

Vixen Panda was recently observed using the Graphican backdoor to target government, financial, and other entities in the Americas and Europe. It is based on Ketrican and is one of many tools in Vixen Panda’s arsenal.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More