The PolySwarm Blog

Related Families: BazarLoader, BazaLoader

Executive Summary

BumbleBee is a sophisticated loader. It was first seen in the wild in 2022 and was a replacement for BazarLoader. It recently re-emerged with a new infection chain, indicating an evolving threat.

Verticals Targeted: Financial

Executive Summary

DarkGate was observed in early 2024 in a campaign leveraging CVE-2024-21412 to target entities in the financial vertical.

Executive Summary

BunnyLoader malware as a service (MaaS) released its latest variant, BunnyLoader 3.0, in February. BunnyLoader 3.0 boasts multiple improvements, including a reduced payload size, keylogging capabilities, and a modular structure.

Executive Summary

AresLoader is a loader malware-as-a-service (MaaS) active in the wild since at least November 2022. AresLoader is designed to masquerade as legitimate software, while covertly downloading malicious payloads.

Executive Summary

BunnyLoader is a recently discovered malware-as-a-service (MaaS) threat being sold on multiple forums. It was released in September 2023 and appears to be under active development, with feature updates and bug fixes available.

Verticals Targeted: Government

Executive Summary

Symantec recently reported on Spyder Loader, a tool used by Chinese nexus state-sponsored threat actor group Winnti to target government entities in Hong Kong.

Related Families: TrickBot, Ryuk, QakBot, Zloader, Quantum, BlackCat

Related Families: BazarLoader, BazaLoader, Conti, BazarBackdoor, Trickbot, Diavol, Sliver, Bokbot, Meterpreter, Cobalt Strike

Verticals Targeted: Multiple

Executive Summary

Earlier this month, Palo Alto’s Unit 42 reported on recent activity leveraging Bumblebee. Unit 42 observed activity by multiple threat actors, including Projector Libra.