RustyWater: Muddy Water’s Rust-Based Implant
Jan 16, 2026 1:42:59 PM / by The Hivemind posted in Threat Bulletin, APT, Muddy Water, Spear Phishing, Rust Malware, Middle East targeting, RustyWater, RUSTRIC, Rust implant, Archer RAT
Verticals Targeted: Diplomatic, Maritime, Financial, Telecom
Regions Targeted: Middle East
Related Families: Archer RAT / RUSTRIC
Transparent Tribe Evolves Tradecraft With Multi-Stage LNK Malware
Jan 12, 2026 1:55:19 PM / by The Hivemind posted in Threat Bulletin, APT36, Spear Phishing, Remote Access Trojan, cyber espionage, LNK Malware
Verticals Targeted: Government, Academia
Regions Targeted: India
Related Families: None
Executive Summary
APT36, also known as Transparent Tribe, a Pakistan-aligned threat actor, has launched a targeted cyber espionage campaign against Indian governmental, academic, and strategic entities using sophisticated deception techniques. The operation delivers a multi-stage Remote Access Trojan (RAT) through a weaponized LNK file disguised as a PDF, enabling persistent access, surveillance, and data exfiltration with minimal detection risk.
Nimbus Manticore’s Evolving Cyberespionage Campaign
Sep 29, 2025 2:53:45 PM / by The Hivemind posted in Threat Bulletin, Telecommunications, Spear Phishing, malware obfuscation, DLL sideloading, Iranian APT, Nimbus Manticore, MiniJunk, MiniBrowse, defense manufacturing
Verticals Targeted: Defense Manufacturing, Telecommunications, Aerospace
Regions Targeted: Western Europe, Middle East
Related Families: MiniJunk, MiniBrowse
Executive Summary
Nimbus Manticore, an Iranian APT group, has intensified its cyberespionage campaign targeting defense, telecommunications, and aerospace sectors in Western Europe and the Middle East, deploying advanced malware such as MiniJunk and MiniBrowse via sophisticated spear-phishing and DLL sideloading techniques. The group’s focus on stealth, obfuscation, and resilient infrastructure underscores its alignment with IRGC strategic priorities.
Atomic Stealer Evolves
Jul 25, 2025 2:47:25 PM / by The Hivemind posted in Threat Bulletin, Malware-As-A-Service, Evolving Threat, Spear Phishing, Cryptocurrency Theft, macOS security, Atomic macOS Stealer, AMOS malware, macOS backdoor, persistent access, Moonlock cybersecurity
Verticals Targeted: Cryptocurrency, Freelancers, Artists
Regions Targeted: United States, France, Italy, United Kingdom, Canada, others
Related Families: None
Wicked Panda Targets Government Entities, Uses Google Calendar for C2
Jun 6, 2025 2:50:40 PM / by The Hivemind posted in Threat Bulletin, APT41, Wicked Panda, TOUGHPROGRESS malware, Google Calendar C2, Spear Phishing, Government Cyberattack, Chinese Cyber Espionage, Cloud Service Abuse, Malware Analysis, Data Exfiltration
Verticals Targeted: Government
Regions Targeted: Not specified
Related Families: VOLDEMORT, DUSTTRAP