This release consists of the following:
- Matanbuchus version 3.0, which uses ChaCha20 for configuration settings and encrypted strings: 2ac7a8b8c31fa655204d29e1052c5190
- DoNot Team APT LoptikMod implant: 893561ff6d17f1e95897b894dde29a2a
- Unnamed GoLang-compiled malware, which we are calling ChiHou (Foolish Monkey) RAT based upon the comment header for the YAML compiled configuration data, “ChiHouConfigInfo”: 4b2390d0b80000f142adbdcb0e5edb98
- NimDoor malware
  - CoreAgentKit + Backdoor: d8529855fab4b4aa6c2b34449cb3b9fb
  - Dropper + Implant: 76ace3a6892c25512b17ed42ac2ebd05
- Scavenger Loader
  - 64-bit: 237becc806e3b2f70b7153594128bef8
  - 32-bit: fd2afcd1da7c8d7c20d551d5485e8d1e
- Cyber Stealer
  - Delimited: 358d9d9194d02102c0ed51fc4de3dad4
  - Dead-Drop Resolver: 1b8037fbbc041e46edda1d24fb290f95
- Gunra Ransomware: 94b68826818ffe8ceb88884d644ad4fc
- Recategorize Bert Loader as Learning Packer, a version of which was observed with Gunra Ransomware
  - Learning Packer + Gunra Ransomware: f6664f4e77b7bcc59772cd359fdf271c