The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Ricochet Chollima Using KoSpy Android Spyware

Mar 17, 2025 1:34:36 PM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Android, Spyware, Ricochet Chollima, KoSpy, APT37

0 Comments

Executive Summary

KoSpy is a sophisticated Android spyware linked to North Korean threat actor Ricochet Chollima. It has been targeting Korean and English-speaking users since March 2022.

Read More

Lotus Panda Uses Sagerunex to Target Multiple Verticals

Mar 10, 2025 2:08:01 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, Lotus Panda, Lotus Blossom, Sagerunex

0 Comments

Verticals Targeted: Government, Telecommunications, Media, Manufacturing 

Read More

Voldemort

Sep 9, 2024 12:52:20 PM / by The Hivemind posted in Threat Bulletin, Espionage, Backdoor, Voldemort

0 Comments

Verticals Targeted: Insurance, Aerospace, Transportation, Education, Finance, Technology, Healthcare, Automotive, Hospitality, Energy, Government, Media, Manufacturing, Telecommunications 

Executive Summary

An espionage campaign delivering the Voldemort backdoor was recently observed targeting over 70 organizations. The campaign uses a novel attack chain to deliver the malware, leveraging Google Sheets for command and control (C2).

Read More

Silent Chollima's Espionage Activity

Aug 2, 2024 2:15:57 PM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Dtrack, Dora RAT, TigerRAT, Silent Chollima, SmallTiger

0 Comments

Related Families: Dtrack, Dora RAT, TigerRAT, SmallTiger, LightHand, ValidAlpha
Verticals Targeted: Military, Defense, Engineering, Technology, Education, Construction, Manufacturing, Gambling, Energy

Executive Summary

Last week, the US Department of Justice (DOJ) indicted Rim Jong Hyok, an individual allegedly affiliated with Silent Chollima. The group has been active since at least 2014 and is known to conduct espionage operations on behalf of North Korea.

Read More

Evasive Panda Updates Its Arsenal

Jul 29, 2024 2:04:16 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, Evasive Panda

0 Comments

Related Families: Macma, Suzafk
Verticals Targeted: NGO

Executive Summary

Evasive Panda recently updated its arsenal to include new TTPs and updated versions of existing malware. They were also observed using a shared framework for malware targeting Windows, Linux, MacOS, and Android systems.

Read More

New CapraRAT Activity

Jul 12, 2024 2:44:05 PM / by The Hivemind posted in Threat Bulletin, Espionage, Android, CapraRAT, Spyware, Mobile, Surveillance

0 Comments

Executive Summary

Pakistan-based threat actor group Mythic Leopard was recently observed using new CapraRAT samples to expand their targeting.

Read More

DISGOMOJI Linux RAT Controlled Via Discord Emojis

Jun 24, 2024 3:02:07 PM / by The Hivemind posted in Threat Bulletin, Espionage, India, Pakistan, Government, RAT, Discord, DISGOMOJI

0 Comments

Verticals Targeted: Government

Executive Summary

DISGOMOJI is a RAT controlled via emojis sent over Discord. It was recently observed targeting government entities in India.

Read More

Velvet Chollima Using Gomir Linux Backdoor

May 24, 2024 11:58:05 AM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Linux, Kimsuky, GoBear, Velvet Chollima, Gomir, Troll Stealer

0 Comments

Related Families: GoBear, Troll Stealer, BetaSeed, Endor
Verticals Targeted: Government 

Executive Summary

North Korea nexus threat actor group Velvet Chollima was observed using a new Linux backdoor, dubbed Gomir, to target entities in South Korea.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More