[ MALWARE MUTEX INTELLIGENCE DATABASE ]

 ███████╗██╗   ██╗██╗██╗         ███╗   ███╗██╗   ██╗████████╗███████╗██╗  ██╗
 ██╔════╝██║   ██║██║██║         ████╗ ████║██║   ██║╚══██╔══╝██╔════╝╚██╗██╔╝
█████╗  ██║   ██║██║██║         ██╔████╔██║██║   ██║   ██║   █████╗   ╚███╔╝
██╔══╝  ╚██╗ ██╔╝██║██║         ██║╚██╔╝██║██║   ██║   ██║   ██╔══╝   ██╔██╗
 ███████╗ ╚████╔╝ ██║███████╗    ██║ ╚═╝ ██║╚██████╔╝   ██║   ███████╗██╔╝ ██╗
 ╚══════╝  ╚═══╝  ╚═╝╚══════╝    ╚═╝     ╚═╝ ╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝

Advanced Malware Analysis & Threat Intelligence

06:17:09

⚠

CHIMNEYSWEEP

backdoor7 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

CHIMNEYSWEEP

CATEGORY:

BACKDOOR

DESCRIPTION:

CHIMNEYSWEEP is a backdoor malware that has been associated with likely Iranian threat actors conducting politically motivated disruptive activities. The malware is designed to provide remote access to compromised systems and has been observed using multiple mutexes to coordinate different components and prevent multiple infections on the same system.

ALIASES:

CHIMNEYSWEEP Backdoor

TAGS:

remote_accessiranian_threat_actorpolitically_motivateddisruptive_activitypersistence

[MUTEX_SIGNATURES](7)

[MUTEX_01]

rerunadmn

ANALYST: @adhikara13 DATE: 2024-07-16

REFERENCES:

https://cloud.google.com/blog/topics/threat-intelligence/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against/

[MUTEX_02]

subttoadmn

ANALYST: @adhikara13 DATE: 2024-07-16

REFERENCES:

https://cloud.google.com/blog/topics/threat-intelligence/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against/

[MUTEX_03]

runupdate

ANALYST: @adhikara13 DATE: 2024-07-16

REFERENCES:

https://cloud.google.com/blog/topics/threat-intelligence/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against/

[MUTEX_04]

runupdateok

ANALYST: @adhikara13 DATE: 2024-07-16

REFERENCES:

https://cloud.google.com/blog/topics/threat-intelligence/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against/

[MUTEX_05]

baserun

ANALYST: @adhikara13 DATE: 2024-07-16

REFERENCES:

https://cloud.google.com/blog/topics/threat-intelligence/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against/

[MUTEX_06]

heyirunadmn

ANALYST: @adhikara13 DATE: 2024-07-16

REFERENCES:

https://cloud.google.com/blog/topics/threat-intelligence/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against/

[MUTEX_07]

corerun

ANALYST: @adhikara13 DATE: 2024-07-16

REFERENCES:

https://cloud.google.com/blog/topics/threat-intelligence/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against/

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠HomeLand Justice

⚠HEXANE

⚠Red Sandstorm

⚠Banished Kitten

FIRST_OBSERVED:

2024

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:7

THREAT_ACTORS:4

ALIASES:1

TAGS:5

CATEGORY:BACKDOOR

Malware profile loaded successfully