⚠

Glupteba

backdoor3 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

Glupteba

CATEGORY:

BACKDOOR

DESCRIPTION:

Glupteba is a sophisticated backdoor malware that has been observed in various cybercriminal campaigns. The malware is designed to provide remote access to compromised systems and has been analyzed for its advanced evasion techniques and multi-stage attack capabilities. It employs multiple mutexes to coordinate different components and prevent multiple infections.

ALIASES:

Glupteba Backdoor

TAGS:

remote_accessmulti_stageevasion_techniquescybercriminalpersistence

[MUTEX_SIGNATURES](3)

[MUTEX_01]

Global\h48yorbq6rm87zot

ANALYST: @adhikara13 DATE: 2024-07-16

REFERENCES:

https://rt-solar.ru/solar-4rays/blog/3832/

https://github.com/sophoslabs/IoCs/blob/master/Trojan-Glupteba

https://www.trendmicro.com/vinfo/ae/threat-encyclopedia/malware/trojan.win32.glupteba.ta

[MUTEX_02]

Global\y7ze3fznx1u0yc2z

ANALYST: @adhikara13 DATE: 2024-07-16

REFERENCES:

https://www.trendmicro.com/vinfo/ae/threat-encyclopedia/malware/trojan.win32.glupteba.ta

[MUTEX_03]

Global\Mp6c3Ygukx29GbDk

ANALYST: @adhikara13 DATE: 2024-07-16

REFERENCES:

https://www.trendmicro.com/vinfo/ae/threat-encyclopedia/malware/trojan.win32.glupteba.ta

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠Unknown

FIRST_OBSERVED:

2019

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:3

THREAT_ACTORS:1

ALIASES:1

TAGS:5

CATEGORY:BACKDOOR

Malware profile loaded successfully