diff --git a/analyzer/windows/tests/test_analyzer.py b/analyzer/windows/tests/test_analyzer.py
index bbe274844c4..783e21dd505 100644
--- a/analyzer/windows/tests/test_analyzer.py
+++ b/analyzer/windows/tests/test_analyzer.py
@@ -986,23 +986,3 @@ def test_handle_process(self, mock_process):
 self.assertIsNotNone(ana.LASTINJECT_TIME)
 mock_process.assert_called_once()
 self.assertEqual(1, ana.NUM_INJECTED)
-
- @patch("analyzer.Process")
- def test_handle_process_invalid_data(self, mock_process):
- ana = self.analyzer
- with self.assertRaises(ValueError):
- data = bytes("does not have a colon".encode())
- self.pipe_handler._handle_process(data=data)
- with self.assertRaises(ValueError):
- data = bytes("has:too:many:colons".encode())
- self.pipe_handler._handle_process(data=data)
-
- data = bytes("no_comma:non_digits".encode())
- self.pipe_handler._handle_process(data=data)
- self.assertIsNone(ana.LASTINJECT_TIME)
- mock_process.assert_not_called()
-
- data = bytes("with_comma:non_digits,non_digits".encode())
- self.pipe_handler._handle_process(data=data)
- self.assertIsNone(ana.LASTINJECT_TIME)
- mock_process.assert_not_called()
diff --git a/data/yara/CAPE/AdaptixBeacon.yar b/data/yara/CAPE/AdaptixBeacon.yar
index efa3c297850..4e68fcc7a8a 100644
--- a/data/yara/CAPE/AdaptixBeacon.yar
+++ b/data/yara/CAPE/AdaptixBeacon.yar
@@ -6,11 +6,13 @@ rule AdaptixBeacon
 cape_type = "AdaptixBeacon Payload"
 hash = "f78f5803be5704420cbb2e0ac3c57fcb3d9cdf443fbf1233c069760bee115b5d"
 strings:
- $conf_1 = {8D ?? ?? E8 [3] 00 4? 89 [1-2] 4? 8B 4C 24 ?? E8 [3] 00 4? 8B 53 48 66 [0-1] 89 04}
+ $conf_1 = {8D ?? ?? E8 [3] 00 4? 89 [1-2] 4? 8B 4C 24 ?? E8 [3] 00 4? 8B 53 48 66 [0-1] 89 04 ?? E8}
 $conf_2 = {E8 [3] 00 48 8B 4C 24 ?? 48 89 43 78 E8 [3] 00 48 8B 4C 24 ?? 89 83 80 00 00 00 E8 [3] 00 03 83 80 00 00 00 48 8B 4C 24}
 $conf_3 = {E8 [3] 00 4? 8B 4C 24 ?? 4? 89 ?? 4? 89 43 58 E8 [3] 00 4? 8B 4C 24 ?? 4? 89 ?? 4? 89 43 60 E8 [3] 00 4? 8B 4C 24 ?? 4? 89 ?? 4? 89 43 68}
- $wininet_1 = {B9 77 00 00 00 4? 89 50 28 E8 [4] B9 69 00 00 00 88 44 24 ?? E8 [4] B9 6E 00 00 00 88 44 24}
- $wininet_2 = {B9 69 00 00 00 88 44 24 ?? E8 [4] B9 6E 00 00 00 88 44 24 ?? E8 [4] B9 65 00 00 00 88 44 24}
+ $conf_4 = {8D ?? ?? 4? 89 ?? FF ?? 4? 89 ?? 4? 89 ?? 4? 8B ?? FF ?? ?? 4? 8B ?? 48 66 ?? 89 ?? ?? EB}
+ $conf_5 = {48 89 ?? 4? 89 ?? FF ?? 4? 89 ?? 4? 89 D9 4? 89 ?? ?? 4? 8B 03 FF ?? ?? 4? 89 ?? 4? 89 ?? 4? 89 ?? ?? 4? 8B 03 FF ?? ?? 4? 89}
+ $wininet_1 = {B9 77 00 00 00 [0-4] E8 [4] B9 69 00 00 00 88 ?4 24 [0-4] E8 [4] B9 6E 00 00 00 88 ?4 24}
+ $wininet_2 = {B9 69 00 00 00 88 ?4 24 [0-4] E8 [4] B9 6E 00 00 00 88 ?4 24 [0-4] E8 [4] B9 65 00 00 00 88 ?4 24}
 condition:
 1 of ($conf_*) and 1 of ($wininet_*)
-}
\ No newline at end of file
+}
diff --git a/data/yara/CAPE/NitroBunnyDownloader.yar b/data/yara/CAPE/NitroBunnyDownloader.yar
new file mode 100644
index 00000000000..733efe3a41a
--- /dev/null
+++ b/data/yara/CAPE/NitroBunnyDownloader.yar
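Review bot: The loosened `$wininet_1`/`$wininet_2` (`88 ?4 24` and the `[0-4]` jumps) and the new `$conf_4`/`$conf_5`, which are mostly `??`/`4?` wildcards, widen what the rule accepts, yet the condition `1 of ($conf_*) and 1 of ($wininet_*)` still has no `uint16(0) == 0x5A4D` or `filesize` gate, unlike the NitroBunnyDownloader rule added in this same commit. If the rule is meant to run on raw files as well as dumps, such a gate is the cheapest way to contain the false positives that looser hex strings invite. The `B9 77 00 00 00`, `B9 69 …`, `B9 6E …`, `B9 65 …` immediates are the ASCII bytes `w`, `i`, `n`, `e`, which a `// mov ecx, 'w' / 'i' / 'n' / 'e' - string built one char at a time (presumably "wininet")` comment on `$wininet_1` would make obvious to the next person retuning the jumps. `meta` still lists a single `hash`; if `$conf_4`/`$conf_5` were taken from a different build, its hash belongs there too. The `rule AdaptixBeacon {` header and `author` line are above the hunk.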
@@ -0,0 +1,17 @@
+rule NitroBunnyDownloader
+{
+ meta:
+ author = "enzok"
+ description = "NitroBunnyDownloader"
+ cape_type = "NitroBunnyDownloader Payload"
+ hash = "960e59200ec0a4b5fb3b44e6da763f5fec4092997975140797d4eec491de411b"
+ strings:
+ $config = {E8 [3] 00 41 B8 ?? ?? 00 00 48 8D 15 [3] 00 48 89 C1 48 89 ?? E8 [3] 00}
+ $string1 = "X-Amz-User-Agent:" wide
+ $string2 = "Amz-Security-Flag:" wide
+ $string3 = "/cart" wide
+ $string4 = "Cookie: " wide
+ $string5 = "wishlist" wide
+ condition:
+ uint16(0) == 0x5A4D and $config and 2 of ($string*)
+}
diff --git a/data/yara/CAPE/Rhadamanthys.yar b/data/yara/CAPE/Rhadamanthys.yar
index c5ca2677238..367d73f8b4c 100644
--- a/data/yara/CAPE/Rhadamanthys.yar
+++ b/data/yara/CAPE/Rhadamanthys.yar
@@ -1,13 +1,15 @@
 rule Rhadamanthys
 {
 meta:
- author = "kevoreilly"
+ author = "kevoreilly, YungBinary"
 description = "Rhadamanthys Loader"
 cape_type = "Rhadamanthys Loader"
 strings:
 $rc4 = {88 4C 01 08 41 81 F9 00 01 00 00 7C F3 89 75 08 33 FF 8B 4D 08 3B 4D 10 72 04 83 65 08 00}
 $code = {8B 4D FC 3B CF 8B C1 74 0D 83 78 04 02 74 1C 8B 40 1C 3B C7 75 F3 3B CF 8B C1 74 57 83 78 04 17 74 09 8B 40 1C 3B C7 75 F3 EB}
 $conf = {46 BB FF 00 00 00 23 F3 0F B6 44 31 08 03 F8 23 FB 0F B6 5C 39 08 88 5C 31 08 88 44 39 08 02 C3 8B 5D 08 0F B6 C0 8A 44 08 08}
+ $beef = {57 8D 44 33 FC 53 83 C6 FC 50 56 E8 [4] 83 C4 10 66 81 3F EF BE 0F 85}
+ $config_2 = {0F B6 4F 2A 8D 77 2A 33 C0 6A 03 89 45 F8 89 45 FC 89 45 08 8B C1}
 $cape_string = "cape_options"
 condition:
 2 of them and not $cape_string
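Review bot: `$config` is the only thing keeping this rule specific: `$string3`, `$string4` and `$string5` (`/cart`, `Cookie: `, `wishlist`) are ordinary web-shop and HTTP vocabulary that many benign binaries carry as wide strings, so `2 of ($string*)` on its own would not discriminate, and `uint16(0) == 0x5A4D` only rejects non-PE input. That is acceptable as written, but the dependency should be recorded so a later edit does not relax the condition to `2 of them`, e.g. `// generic; only meaningful together with $config` after `$string5`. `$config` pins one exact ordering of `E8`/`41 B8`/`48 8D 15`/`48 89 C1` instructions that may not survive a rebuild; a one-line comment on what that call sequence is, or a second sample hash in `meta` if the pattern was checked against more than one build, would make retuning easier when it stops matching.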
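Review bot: `$config_2` breaks the naming used by its sibling `$conf`; keeping one prefix (`$conf_2`, or renaming `$conf` to `$config`) keeps a future `1 of ($conf*)` condition meaningful and matches the `$conf_N` convention used in AdaptixBeacon.yar in this same commit. `$beef` is named after its immediate rather than what it checks; `66 81 3F EF BE 0F 85` decodes to `cmp word ptr [edi], 0xBEEF` followed by `jnz`, so a `// cmp word ptr [edi], 0xBEEF ; jnz - 0xBEEF marker check` comment on that line would say what must stay fixed when the surrounding bytes are retuned. With five code strings now, `2 of them` fires on any pair, and `$cape_string` (already excluded by the `not`) still counts toward "them"; harmless today, but `2 of ($rc4, $code, $conf, $beef, $config_2) and not $cape_string` states the intent explicitly. The rule's closing brace is below the hunk.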