StrongPity
[StrongPity] is an information-stealing malware used by [PROMETHIUM](https://attack.mitre.org/groups/G0056).(Citation: Bitdefender StrongPity June 2020)(Citation: Talos Promethium June 2020)
HAPPYWORK
[HAPPYWORK] is a downloader used by [APT37](https://attack.mitre.org/groups/G0067) to target South Korean government and financial victims in November 2016. (Citation: FireEye APT37 Feb 2018)
PLAINTEE
[PLAINTEE] is a malware sample that has been used by [Rancor](https://attack.mitre.org/groups/G0075) in targeted attacks in Singapore and Cambodia. (Citation: Rancor Unit42 June 2018)
Pony
[Pony] is a credential-stealing malware, though it has also been used among adversaries for its downloader capabilities. The source code for Pony Loader 1.0 and 2.0 was leaked online, leading to their use by various threat actors.(Citation: Malwarebytes Pony April 2016)
WinMM
[WinMM] is a full-featured, simple backdoor used by [Naikon](https://attack.mitre.org/groups/G0019). (Citation: Baumgartner Naikon 2015)
Janicab
[Janicab] is an OS X trojan that relied on a valid developer ID and oblivious users to install it. (Citation: Janicab)
AuditCred
[AuditCred] is a malicious DLL that has been used by [Lazarus Group](https://attack.mitre.org/groups/G0032) during their 2018 attacks.(Citation: TrendMicro Lazarus Nov 2018)
Lurid
[Lurid] is a malware family that has been used by several groups, including [PittyTiger](https://attack.mitre.org/groups/G0011), in targeted attacks as far back as 2006. (Citation: Villeneuve 2014) (Citation: Villeneuve 2011)
Kasidet
[Kasidet] is a backdoor that has been dropped by using malicious VBA macros. (Citation: Zscaler Kasidet)
OceanSalt
[OceanSalt] is a Trojan that was used in a campaign targeting victims in South Korea, the United States, and Canada. [OceanSalt] shares code similarity with [SpyNote RAT](https://attack.mitre.org/software/S0305), which has been linked to [APT1](https://attack.mitre.org/groups/G0006).(Citation: McAfee Oceansalt Oct 2018)