Figure 6: Malware payloads as part of attack chains exploiting ZDI-CAN-25373 - ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns

================================================

Xeno RAT - 1
QakBot - 1
AsyncRat - 1
Venom RAT - 1
Jellyfish Loader - 1
DEEP#GOSU - 1
Gozi - 1
Gh0st RAT - 1
Racoon - 1
OutSteel - 1
MuddyC2Go - 1
Amadey - 1
Remcos - 1
TrickBot - 2
Quasar RAT - 2 
Brute Ratel - 2
Formbook - 2
BitRat - 3
VileRAT - 3
Snake Keylogger - 3
Qakbot - 3
Voldemort - 4
Agent Tesla - 4
RokRAT - 5
XWorm - 7
Cobalt Strike - 7
Sliver - 7
Gh0stCringe - 7
Warzone RAT - 8
Lilith RAT - 8
BlackMoon - 8
PupyRAT - 11
GuLoader - 13
GuLoader, Remcos - 14
Lumma Stealer - 15
PoC - 34
MaaS - 79
Raspberry Robin - 86