The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Primitive Bear Using LNK Files to Deploy Remcos Backdoor Against Ukrainian Targets

Apr 4, 2025 2:48:44 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Primitive Bear, LNK, Gamaredon, Remcos

0 Comments

Related Families: Remcos

Executive Summary

Primitive Bear has been observed targeting Ukrainian users with malicious LNK files since at least November 2024. This operation employs a PowerShell downloader and DLL side-loading techniques to deliver the Remcos RAT, exploiting war-related themed lures to deceive victims.

Read More

Reaper Uses New TTPs to Drop RokRAT

May 15, 2023 2:27:27 PM / by The Hivemind posted in Threat Bulletin, RokRAT, Reaper, Ricochet Chollima, LNK

0 Comments

Related Families: CloudMensis, RambleOn

Executive Summary

Reaper was recently observed using new TTPs to drop RokRAT. The infection chain leveraged LNK files delivered via the energy sector and politic

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More