A new threat group uses NSIS as an installer to target industrial companies with revolving payloads, including LokiBot, FormBook, BetaBot, Agent Tesla and Netwire. RATicate (a combination of RAT and syndicate ) has targeted industrial firms in Europe, the Middle East and the Republic of Korea with malspam emails. The lures have varied, with some purporting to concern balance payments and asking victims to check the attached bank confirmation; and more recent ones leveraging coronavirus concerns.
Source: https://threatpost.com/raticate-group-industrial-firms-revolving-payloads/155775/