[ MALWARE MUTEX INTELLIGENCE DATABASE ]
 ███████╗██╗   ██╗██╗██╗         ███╗   ███╗██╗   ██╗████████╗███████╗██╗  ██╗
 ██╔════╝██║   ██║██║██║         ████╗ ████║██║   ██║╚══██╔══╝██╔════╝╚██╗██╔╝
█████╗  ██║   ██║██║██║         ██╔████╔██║██║   ██║   ██║   █████╗   ╚███╔╝
██╔══╝  ╚██╗ ██╔╝██║██║         ██║╚██╔╝██║██║   ██║   ██║   ██╔══╝   ██╔██╗
 ███████╗ ╚████╔╝ ██║███████╗    ██║ ╚═╝ ██║╚██████╔╝   ██║   ███████╗██╔╝ ██╗
 ╚══════╝  ╚═══╝  ╚═╝╚══════╝    ╚═╝     ╚═╝ ╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝

Advanced Malware Analysis & Threat Intelligence

06:17:09
[ALL_FAMILIES]

BADNEWS

rat2 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:
BADNEWS
CATEGORY:
RAT
DESCRIPTION:
BADNEWS is a Remote Access Trojan (RAT) that has been used by the White Elephant APT group (also known as Patchwork or APT-C-35) in various espionage campaigns.
ALIASES:
BADNEWS RAT
TAGS:
remote_accessinfostealerc2apt

[MUTEX_SIGNATURES](2)

[MUTEX_01]
rendumm
ANALYST: @adhikara13 DATE: 2024-08-01
REFERENCES:
https://www.antiy.cn/research/notice&report/research_report/20221027.html
[MUTEX_02]
RfmbFv8D
ANALYST: @adhikara13 DATE: 2025-07-30
REFERENCES:
https://rayblog.rising.com.cn/2024/08/2024%e5%b9%b47%e6%9c%88%ef%bc%9apatchwork%e7%bb%84%e7%bb%87%e9%92%88%e5%af%b9%e6%88%91%e5%9b%bd%e7%a7%91%e7%a0%94%e6%95%99%e8%82%b2%e9%a2%86%e5%9f%9f%e7%9a%84%e6%94%bb%e5%87%bb%e4%ba%8b%e4%bb%b6/

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:
White Elephant
Patchwork
FIRST_OBSERVED:
2013

[SIGMA_RULE]

[STATISTICS]
MUTEX_COUNT:2
THREAT_ACTORS:2
ALIASES:1
TAGS:4
CATEGORY:RAT
 Malware profile loaded successfully 
 EvilMutex Project v1.0.0 
 Open Source Threat Intelligence Database 
[GITHUB][DOCS]