[ MALWARE MUTEX INTELLIGENCE DATABASE ]
 ███████╗██╗   ██╗██╗██╗         ███╗   ███╗██╗   ██╗████████╗███████╗██╗  ██╗
 ██╔════╝██║   ██║██║██║         ████╗ ████║██║   ██║╚══██╔══╝██╔════╝╚██╗██╔╝
█████╗  ██║   ██║██║██║         ██╔████╔██║██║   ██║   ██║   █████╗   ╚███╔╝
██╔══╝  ╚██╗ ██╔╝██║██║         ██║╚██╔╝██║██║   ██║   ██║   ██╔══╝   ██╔██╗
 ███████╗ ╚████╔╝ ██║███████╗    ██║ ╚═╝ ██║╚██████╔╝   ██║   ███████╗██╔╝ ██╗
 ╚══════╝  ╚═══╝  ╚═╝╚══════╝    ╚═╝     ╚═╝ ╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝

Advanced Malware Analysis & Threat Intelligence

06:17:10
[ALL_FAMILIES]

GRIMPULL

loader1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:
GRIMPULL
CATEGORY:
LOADER
DESCRIPTION:
GRIMPULL is a loader malware that has been observed being distributed through fake AI websites. The malware is designed to download and execute additional payloads on compromised systems and is part of broader cybercriminal campaigns that weaponize fake AI platforms for malware distribution.
ALIASES:
GRIMPULL Loader
TAGS:
payload_deliveryfake_ai_websitescybercriminalmulti_stage

[MUTEX_SIGNATURES](1)

[MUTEX_01]
aff391c406ebc4c3
ANALYST: @adhikara13 DATE: 2024-07-16
REFERENCES:
https://cloud.google.com/blog/topics/threat-intelligence/cybercriminals-weaponize-fake-ai-websites

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:
UNC6032
FIRST_OBSERVED:
2024

[SIGMA_RULE]

[STATISTICS]
MUTEX_COUNT:1
THREAT_ACTORS:1
ALIASES:1
TAGS:4
CATEGORY:LOADER
 Malware profile loaded successfully 
 EvilMutex Project v1.0.0 
 Open Source Threat Intelligence Database 
[GITHUB][DOCS]