Merge pull request #785 from Delta-Sierra/main

add Prynt Stealer & variants
2022-10-14 22:56:45 +02:00 · 2022-10-14 22:56:45 +02:00 · 55b721a422
parent 6ac0f27cae 9952366667
commit 55b721a422
1 changed files with 79 additions and 1 deletions
--- a/clusters/stealer.json
+++ b/clusters/stealer.json
@ -88,7 +88,85 @@
      },
      "uuid": "ebc1c15d-3e27-456e-9473-61d92d91bda8",
      "value": "HackBoss"
+    },
+    {
+      "description": "Prynt Stealer is an information stealer that has the ability to capture credentials that are stored on a compromised system including web browsers, VPN/FTP clients, as well as messaging and gaming applications. Its developer based the malware code on open source projects including AsyncRAT and StormKitty. Prynt Stealer uses Telegram to exfiltrate data that is stolen from victims. Its author added a backdoor Telegram channel to collect the information stolen by other criminals.",
+      "meta": {
+        "refs": [
+          "https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
+          "tags": [
+            "estimative-language:likelihood-probability=\"very-likely\""
+          ],
+          "type": "variant-of"
+        },
+        {
+          "dest-uuid": "d410b534-07a4-4190-b253-f6616934bea6",
+          "tags": [
+            "estimative-language:likelihood-probability=\"very-likely\""
+          ],
+          "type": "variant-of"
+        }
+      ],
+      "uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
+      "value": "Prynt Stealer"
+    },
+    {
+      "description": "Nearly identical to Prynt Stealer with a few differences. DarkEye is not sold or mentioned publicly, however, it is bundled as a backdoor with a “free” Prynt Stealer builder.",
+      "meta": {
+        "refs": [
+          "https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
+          "tags": [
+            "estimative-language:likelihood-probability=\"very-likely\""
+          ],
+          "type": "variant-of"
+        },
+        {
+          "dest-uuid": "d410b534-07a4-4190-b253-f6616934bea6",
+          "tags": [
+            "estimative-language:likelihood-probability=\"very-likely\""
+          ],
+          "type": "variant-of"
+        }
+      ],
+      "uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
+      "value": "DarkEye"
+    },
+    {
+      "description": "Prynt Stealer variant that appear to be written by the same author. It is nearly identical to Prynt Stealer with a few minor differences. While Prynt Stealer is the most popular brand name for selling the malware, WorldWind payloads are the most commonly observed in-the-wild. ",
+      "meta": {
+        "refs": [
+          "https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
+          "tags": [
+            "estimative-language:likelihood-probability=\"very-likely\""
+          ],
+          "type": "variant-of"
+        },
+        {
+          "dest-uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
+          "tags": [
+            "estimative-language:likelihood-probability=\"very-likely\""
+          ],
+          "type": "variant-of"
+        }
+      ],
+      "uuid": "d410b534-07a4-4190-b253-f6616934bea6",
+      "value": "WorldWind"
    }
  ],
-  "version": 8
+  "version": 9
 }