███████╗██╗ ██╗██╗██╗ ███╗ ███╗██╗ ██╗████████╗███████╗██╗ ██╗ ██╔════╝██║ ██║██║██║ ████╗ ████║██║ ██║╚══██╔══╝██╔════╝╚██╗██╔╝ █████╗ ██║ ██║██║██║ ██╔████╔██║██║ ██║ ██║ █████╗ ╚███╔╝ ██╔══╝ ╚██╗ ██╔╝██║██║ ██║╚██╔╝██║██║ ██║ ██║ ██╔══╝ ██╔██╗ ███████╗ ╚████╔╝ ██║███████╗ ██║ ╚═╝ ██║╚██████╔╝ ██║ ███████╗██╔╝ ██╗ ╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝

⚠

Cyst

loader1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

Cyst

CATEGORY:

LOADER

DESCRIPTION:

Cyst is a loader malware that has been used by various threat actors, including the Cobalt Group, to deliver additional payloads to compromised systems. The malware is designed to evade detection while establishing persistence and executing malicious code.

ALIASES:

cystloader

TAGS:

loaderpayload_deliveryevasionpersistence

[MUTEX_SIGNATURES](1)

[MUTEX_01]

syst<10 digits>

ANALYST: @adhikara13 DATE: 2024-07-19

REFERENCES:

https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠Unknown

FIRST_OBSERVED:

Unknown

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:1

THREAT_ACTORS:1

ALIASES:1

TAGS:4

CATEGORY:LOADER

Malware profile loaded successfully