GravityRAT makes a come back with versions for Android and MAC. It was previously know as for spying on Windows users only. It is capable of retrieving device data, contact lists, email addresses, call logs and SMS messages and can ex-filtrate various types of documents and files.

Pysa Ransomware, also know by its former name Mespinoza Ransomware is typically distributed via malspam, malvertising campaign, exploit kits, drive-by downloads, and brute-forcing accounts on servers that have RDP exposed to the Internet. Pysa encrypts data using AES-256 the keys for which are then encrypted with RSA.

PowerPepper is a Windows in-memory PowerShell backdoor that can execute remotely sent shell commands. It is associated with DeathStalker (formerly called Deceptikons), a threat actor know to be active since 2012. The threat actor consistently used what is called "dead-drop resolvers" (DDRs), which is an obfuscated content hosted on major public web services like YouTube, Twitter or Reddit, once decoded by malware this content reveals a command-and-control (C2) server address.

Buer is malware-as-a-service product that provide initial foothold in the victim's machine and deliver whatever payload it's owner what to deliver. It can be a RAT or Stealer. Recently it is know to be delivering ransomware like Ryuk.

Blackrota is a backdoor written in go lang and targets Docker containers. It attempts to exploit an unauthorized-access vulnerability in the Docker Remote API.