add Prynt Stealer & variants

clusters/stealer.json

@@ -88,7 +88,85 @@
       },
       "uuid": "ebc1c15d-3e27-456e-9473-61d92d91bda8",
       "value": "HackBoss"
+    },
+    {
+      "description": "Prynt Stealer is an information stealer that has the ability to capture credentials that are stored on a compromised system including web browsers, VPN/FTP clients, as well as messaging and gaming applications. Its developer based the malware code on open source projects including AsyncRAT and StormKitty. Prynt Stealer uses Telegram to exfiltrate data that is stolen from victims. Its author added a backdoor Telegram channel to collect the information stolen by other criminals.",
+      "meta": {
+        "refs": [
+          "https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
+          "tags": [
+            "estimative-language:likelihood-probability=\"very-likely\""
+          ],
+          "type": "variant-of"
+        },
+        {
+          "dest-uuid": "d410b534-07a4-4190-b253-f6616934bea6",
+          "tags": [
+            "estimative-language:likelihood-probability=\"very-likely\""
+          ],
+          "type": "variant-of"
+        }
+      ],
+      "uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
+      "value": "Prynt Stealer"
+    },
+    {
+      "description": "Nearly identical to Prynt Stealer with a few differences. DarkEye is not sold or mentioned publicly, however, it is bundled as a backdoor with a “free” Prynt Stealer builder.",
+      "meta": {
+        "refs": [
+          "https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
+          "tags": [
+            "estimative-language:likelihood-probability=\"very-likely\""
+          ],
+          "type": "variant-of"
+        },
+        {
+          "dest-uuid": "d410b534-07a4-4190-b253-f6616934bea6",
+          "tags": [
+            "estimative-language:likelihood-probability=\"very-likely\""
+          ],
+          "type": "variant-of"
+        }
+      ],
+      "uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
+      "value": "DarkEye"
+    },
+    {
+      "description": "Prynt Stealer variant that appear to be written by the same author. It is nearly identical to Prynt Stealer with a few minor differences. While Prynt Stealer is the most popular brand name for selling the malware, WorldWind payloads are the most commonly observed in-the-wild. ",
+      "meta": {
+        "refs": [
+          "https://www.zscaler.com/blogs/security-research/no-honor-among-thieves-prynt-stealers-backdoor-exposed"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "8f5a452a-4056-4004-bc9a-4c11cb8cf2b4",
+          "tags": [
+            "estimative-language:likelihood-probability=\"very-likely\""
+          ],
+          "type": "variant-of"
+        },
+        {
+          "dest-uuid": "46bff4ad-09fe-4ac5-803e-daa3b73e3aaf",
+          "tags": [
+            "estimative-language:likelihood-probability=\"very-likely\""
+          ],
+          "type": "variant-of"
+        }
+      ],
+      "uuid": "d410b534-07a4-4190-b253-f6616934bea6",
+      "value": "WorldWind"
     }
   ],
-  "version": 8
+  "version": 9
 }