[ MALWARE MUTEX INTELLIGENCE DATABASE ]
 ███████╗██╗   ██╗██╗██╗         ███╗   ███╗██╗   ██╗████████╗███████╗██╗  ██╗
 ██╔════╝██║   ██║██║██║         ████╗ ████║██║   ██║╚══██╔══╝██╔════╝╚██╗██╔╝
█████╗  ██║   ██║██║██║         ██╔████╔██║██║   ██║   ██║   █████╗   ╚███╔╝
██╔══╝  ╚██╗ ██╔╝██║██║         ██║╚██╔╝██║██║   ██║   ██║   ██╔══╝   ██╔██╗
 ███████╗ ╚████╔╝ ██║███████╗    ██║ ╚═╝ ██║╚██████╔╝   ██║   ███████╗██╔╝ ██╗
 ╚══════╝  ╚═══╝  ╚═╝╚══════╝    ╚═╝     ╚═╝ ╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝

Advanced Malware Analysis & Threat Intelligence

06:17:10
[ALL_FAMILIES]

FROSTRIFT

backdoor1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:
FROSTRIFT
CATEGORY:
BACKDOOR
DESCRIPTION:
FROSTRIFT is a backdoor malware that has been observed being distributed through fake AI websites. The malware is designed to provide remote access to compromised systems and is part of broader cybercriminal campaigns that weaponize fake AI platforms for malware distribution.
ALIASES:
FROSTRIFT Backdoor
TAGS:
remote_accessfake_ai_websitescybercriminalpersistence

[MUTEX_SIGNATURES](1)

[MUTEX_01]
7d9196467986
ANALYST: @adhikara13 DATE: 2024-07-16
REFERENCES:
https://cloud.google.com/blog/topics/threat-intelligence/cybercriminals-weaponize-fake-ai-websites

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:
UNC6032
FIRST_OBSERVED:
2024

[SIGMA_RULE]

[STATISTICS]
MUTEX_COUNT:1
THREAT_ACTORS:1
ALIASES:1
TAGS:4
CATEGORY:BACKDOOR
 Malware profile loaded successfully 
 EvilMutex Project v1.0.0 
 Open Source Threat Intelligence Database 
[GITHUB][DOCS]