███████╗██╗ ██╗██╗██╗ ███╗ ███╗██╗ ██╗████████╗███████╗██╗ ██╗ ██╔════╝██║ ██║██║██║ ████╗ ████║██║ ██║╚══██╔══╝██╔════╝╚██╗██╔╝ █████╗ ██║ ██║██║██║ ██╔████╔██║██║ ██║ ██║ █████╗ ╚███╔╝ ██╔══╝ ╚██╗ ██╔╝██║██║ ██║╚██╔╝██║██║ ██║ ██║ ██╔══╝ ██╔██╗ ███████╗ ╚████╔╝ ██║███████╗ ██║ ╚═╝ ██║╚██████╔╝ ██║ ███████╗██╔╝ ██╗ ╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝

⚠

Chrysalis

backdoor1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

Chrysalis

CATEGORY:

BACKDOOR

DESCRIPTION:

Chrysalis Backdoor is a malware family associated with the Lotus Blossom threat group. It is part of Lotus Blossom's toolkit used for espionage and remote access operations. The backdoor provides persistent access to compromised systems.

ALIASES:

Chrysalis

TAGS:

backdoorespionageremote_accesslotus_blossomapt

[MUTEX_SIGNATURES](1)

[MUTEX_01]

Global\Jdhfv_1.0.1

ANALYST: @adhikara13 DATE: 2026-04-02

REFERENCES:

https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠Lotus Blossom

FIRST_OBSERVED:

2023

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:1

THREAT_ACTORS:1

ALIASES:1

TAGS:5

CATEGORY:BACKDOOR

Malware profile loaded successfully