From 9952366667f9bedc2b1afb1ed4c40223b0379bed Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Fri, 14 Oct 2022 16:03:45 +0200
Subject: [PATCH] add Prynt Stealer & variants

---
 clusters/stealer.json | 80 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 79 insertions(+), 1 deletion(-)

diff --git a/clusters/stealer.json b/clusters/stealer.json
index 3627bfe..5ac032e 100644
--- a/clusters/stealer.json
+++ b/clusters/stealer.json
@@ -88,7 +88,85 @@
 },
 "uuid": "ebc1c15d-3e27-456e-9473-61d92d91bda8",
 "value": "HackBoss"
+ },
+ {
+ "description": "Prynt Stealer is an information stealer that has the ability to capture credentials that are stored on a compromised system including web browsers, VPN/FTP clients, as well as messaging and gaming applications. Its developer based the malware code on open source projects including AsyncRAT and StormKitty. Prynt Stealer uses Telegram to exfiltrate data that is stolen from victims. Its author added a backdoor Telegram channel to collect the information stolen by other criminals.",
+ "meta": {
+ "refs": [
+ "https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
+ "tags": [
+ "estimative-language:likelihood-probability=\"very-likely\""
+ ],
+ "type": "variant-of"
+ },
+ {
+ "dest-uuid": "d410b534-07a4-4190-b253-f6616934bea6",
+ "tags": [
+ "estimative-language:likelihood-probability=\"very-likely\""
+ ],
+ "type": "variant-of"
+ }
+ ],
+ "uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
+ "value": "Prynt Stealer"
+ },
+ {
+ "description": "Nearly identical to Prynt Stealer with a few differences. 
DarkEye is not sold or mentioned publicly, however, it is bundled as a backdoor with a “free” Prynt Stealer builder.",
+ "meta": {
+ "refs": [
+ "https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
+ "tags": [
+ "estimative-language:likelihood-probability=\"very-likely\""
+ ],
+ "type": "variant-of"
+ },
+ {
+ "dest-uuid": "d410b534-07a4-4190-b253-f6616934bea6",
+ "tags": [
+ "estimative-language:likelihood-probability=\"very-likely\""
+ ],
+ "type": "variant-of"
+ }
+ ],
+ "uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
+ "value": "DarkEye"
+ },
+ {
+ "description": "Prynt Stealer variant that appear to be written by the same author. It is nearly identical to Prynt Stealer with a few minor differences. While Prynt Stealer is the most popular brand name for selling the malware, WorldWind payloads are the most commonly observed in-the-wild. ",
+ "meta": {
+ "refs": [
+ "https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
+ "tags": [
+ "estimative-language:likelihood-probability=\"very-likely\""
+ ],
+ "type": "variant-of"
+ },
+ {
+ "dest-uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
+ "tags": [
+ "estimative-language:likelihood-probability=\"very-likely\""
+ ],
+ "type": "variant-of"
+ }
+ ],
+ "uuid": "d410b534-07a4-4190-b253-f6616934bea6",
+ "value": "WorldWind"
 }
 ],
- "version": 8
+ "version": 9
 }
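Review bot: The DarkEye entry's description appears to break across two physical lines in this rendering, between `differences. ` and `DarkEye is not sold`; if the committed string really contains a raw line break it is invalid JSON (control characters inside a string must be escaped, e.g. as `\n`), so confirm the file parses with a strict parser such as `jq .` before merging — most likely this is a display artifact and the string is a single line. Two smaller data-quality points in the same hunk: the WorldWind description ends with a trailing space (`in-the-wild. "`) and reads `variant that appear to be written`, which should be `variant that appears to be written`. The cross-links otherwise look consistent: each of the three new clusters references the other two as `variant-of`, and every `dest-uuid` resolves to a `uuid` defined in this hunk.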