This release consists of the following:
- Onimai RAT: 79b8fc1a3f8b68775a9417cf634f5935
- Prysmax Stealer
- PySelfDecryptor Crypter (CT named malware):
  - PySelfDecryptor + Prysmax Stealer: 0df3ec1c0794c8f7b417eecef9ea8089
  - PySelfDecryptor + 44 Caliber Stealer: 54df711f98158396217589d7812e920a
- HeadersLoop loader (CT named malware):
  - HeadersLoop + Prysmax Stealer: b2c7bc794eacd3fb726a4a314c716ca2
- SlowStepper malware: e2bc2361ead7c80eba86a5d1c492865d
- AutocRAT malware: loader, implant, and downloader
  - Loader + Implant: 0026f8131f89d839f28370f4a66e66df
  - Loader + Downloader: 05f10164c7e9811f601b9f766de89110
- Tools observed with Lotus Blossom APT:
  - Venom Proxy Tool (pre-configured version): 347c4417bec9a84b34fac53e105b4753
  - Cookie Stealer: b3f1c3f5ec2cb9a72fd76af13d8b2cec
- Updates to the following parsers for observed variances:
  - ToneShell backdoor
  - FunkLocker Ransomware
  - DBatLoader (aka ModiLoader) Crypter and Loader/Downloader
    - DBatLoader + Remcos: f9045c656ab7ff9a9dfb1a7cb45fdf98
    - DBatLoader + Nova: dbd0a1df20a636c186e2dd360649fc50