[ MALWARE MUTEX INTELLIGENCE DATABASE ]
 ███████╗██╗   ██╗██╗██╗         ███╗   ███╗██╗   ██╗████████╗███████╗██╗  ██╗
 ██╔════╝██║   ██║██║██║         ████╗ ████║██║   ██║╚══██╔══╝██╔════╝╚██╗██╔╝
█████╗  ██║   ██║██║██║         ██╔████╔██║██║   ██║   ██║   █████╗   ╚███╔╝
██╔══╝  ╚██╗ ██╔╝██║██║         ██║╚██╔╝██║██║   ██║   ██║   ██╔══╝   ██╔██╗
 ███████╗ ╚████╔╝ ██║███████╗    ██║ ╚═╝ ██║╚██████╔╝   ██║   ███████╗██╔╝ ██╗
 ╚══════╝  ╚═══╝  ╚═╝╚══════╝    ╚═╝     ╚═╝ ╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝

Advanced Malware Analysis & Threat Intelligence

06:17:09
[ALL_FAMILIES]

CLRLoad

loader1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:
CLRLoad
CATEGORY:
LOADER
DESCRIPTION:
CLRLoad is a loader malware used by the Worok threat group. The malware is designed to download and execute additional payloads on compromised systems and has been observed in various targeted attack campaigns. It employs sophisticated techniques to evade detection and establish persistence.
ALIASES:
CLRLoad Loader
TAGS:
payload_deliverymulti_stageworoktargeted_attackevasion_techniques

[MUTEX_SIGNATURES](1)

[MUTEX_01]
Wo0r0KGWhYGO
ANALYST: @adhikara13 DATE: 2024-07-16
REFERENCES:
https://www.welivesecurity.com/2022/09/06/worok-big-picture/

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:
Worok
FIRST_OBSERVED:
2022

[SIGMA_RULE]

[STATISTICS]
MUTEX_COUNT:1
THREAT_ACTORS:1
ALIASES:1
TAGS:5
CATEGORY:LOADER
 Malware profile loaded successfully 
 EvilMutex Project v1.0.0 
 Open Source Threat Intelligence Database 
[GITHUB][DOCS]