Figure 6: Malware payloads as part of attack chains exploiting ZDI-CAN-25373 - ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns ================================================ Xeno RAT - 1 QakBot - 1 AsyncRat - 1 Venom RAT - 1 Jellyfish Loader - 1 DEEP#GOSU - 1 Gozi - 1 Gh0st RAT - 1 Racoon - 1 OutSteel - 1 MuddyC2Go - 1 Amadey - 1 Remcos - 1 TrickBot - 2 Quasar RAT - 2 Brute Ratel - 2 Formbook - 2 BitRat - 3 VileRAT - 3 Snake Keylogger - 3 Qakbot - 3 Voldemort - 4 Agent Tesla - 4 RokRAT - 5 XWorm - 7 Cobalt Strike - 7 Sliver - 7 Gh0stCringe - 7 Warzone RAT - 8 Lilith RAT - 8 BlackMoon - 8 PupyRAT - 11 GuLoader - 13 GuLoader, Remcos - 14 Lumma Stealer - 15 PoC - 34 MaaS - 79 Raspberry Robin - 86