Merge pull request #785 from Delta-Sierra/main

add Prynt Stealer & variants
Alexandre Dulaunoy 2022-10-14 22:56:45 +02:00 committed by GitHub
commit 55b721a422
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


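@@ -88,7 +88,85 @@
 },
 "uuid": "ebc1c15d-3e27-456e-9473-61d92d91bda8",
 "value": "HackBoss"
+},
+{
+"description": "Prynt Stealer is an information stealer that has the ability to capture credentials that are stored on a compromised system including web browsers, VPN/FTP clients, as well as messaging and gaming applications. Its developer based the malware code on open source projects including AsyncRAT and StormKitty. Prynt Stealer uses Telegram to exfiltrate data that is stolen from victims. Its author added a backdoor Telegram channel to collect the information stolen by other criminals.",
+"meta": {
+"refs": [
+"https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
+]
+},
+"related": [
+{
+"dest-uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
+"tags": [
+"estimative-language:likelihood-probability=\"very-likely\""
+],
+"type": "variant-of"
+},
+{
+"dest-uuid": "d410b534-07a4-4190-b253-f6616934bea6",
+"tags": [
+"estimative-language:likelihood-probability=\"very-likely\""
+],
+"type": "variant-of"
 }
 ],
-"version": 8
+"uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
+"value": "Prynt Stealer"
+},
+{
+"description": "Nearly identical to Prynt Stealer with a few differences. DarkEye is not sold or mentioned publicly, however, it is bundled as a backdoor with a “free” Prynt Stealer builder.",
+"meta": {
+"refs": [
+"https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
+]
+},
+"related": [
+{
+"dest-uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
+"tags": [
+"estimative-language:likelihood-probability=\"very-likely\""
+],
+"type": "variant-of"
+},
+{
+"dest-uuid": "d410b534-07a4-4190-b253-f6616934bea6",
+"tags": [
+"estimative-language:likelihood-probability=\"very-likely\""
+],
+"type": "variant-of"
+}
+],
+"uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
+"value": "DarkEye"
+},
+{
+"description": "Prynt Stealer variant that appear to be written by the same author. It is nearly identical to Prynt Stealer with a few minor differences. While Prynt Stealer is the most popular brand name for selling the malware, WorldWind payloads are the most commonly observed in-the-wild. ",
+"meta": {
+"refs": [
+"https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
+]
+},
+"related": [
+{
+"dest-uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
+"tags": [
+"estimative-language:likelihood-probability=\"very-likely\""
+],
+"type": "variant-of"
+},
+{
+"dest-uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
+"tags": [
+"estimative-language:likelihood-probability=\"very-likely\""
+],
+"type": "variant-of"
+}
+],
+"uuid": "d410b534-07a4-4190-b253-f6616934bea6",
+"value": "WorldWind"
+}
+],
+"version": 9
 }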
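Review bot: The WorldWind entry's description has a grammar slip and a trailing space inside the string value (`... variant that appear to be ...` and `... in-the-wild. "`), which will be carried verbatim into every MISP instance that syncs this galaxy; suggest `"description": "Prynt Stealer variant that appears to be written by the same author. It is nearly identical to Prynt Stealer with a few minor differences. While Prynt Stealer is the most popular brand name for selling the malware, WorldWind payloads are the most commonly observed in the wild."`. The three new clusters are cross-linked with six symmetric `variant-of` edges; that is consistent, but if the galaxy's convention is one direction per pair it would be lighter to keep only the two edges from DarkEye and WorldWind back to Prynt Stealer. The Prynt Stealer description states the code is derived from AsyncRAT and StormKitty and that stolen data is exfiltrated over Telegram (including the author's backdoor channel); if clusters for AsyncRAT and StormKitty exist in this galaxy (not visible in the hunk), linking them via `related` would make that lineage machine-readable rather than prose-only. The trailing `"version": 9` bump is present and consistent with the content change.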