[ MALWARE MUTEX INTELLIGENCE DATABASE ]
 ███████╗██╗   ██╗██╗██╗         ███╗   ███╗██╗   ██╗████████╗███████╗██╗  ██╗
 ██╔════╝██║   ██║██║██║         ████╗ ████║██║   ██║╚══██╔══╝██╔════╝╚██╗██╔╝
█████╗  ██║   ██║██║██║         ██╔████╔██║██║   ██║   ██║   █████╗   ╚███╔╝
██╔══╝  ╚██╗ ██╔╝██║██║         ██║╚██╔╝██║██║   ██║   ██║   ██╔══╝   ██╔██╗
 ███████╗ ╚████╔╝ ██║███████╗    ██║ ╚═╝ ██║╚██████╔╝   ██║   ███████╗██╔╝ ██╗
 ╚══════╝  ╚═══╝  ╚═╝╚══════╝    ╚═╝     ╚═╝ ╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝

Advanced Malware Analysis & Threat Intelligence

06:17:10
[ALL_FAMILIES]

GuptiMiner

miner5 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:
GuptiMiner
CATEGORY:
MINER
DESCRIPTION:
GuptiMiner is a sophisticated malware that hijacks antivirus updates to distribute backdoors and cryptocurrency miners. The malware employs advanced techniques to evade detection and has been observed using multiple mutexes to coordinate different components and prevent multiple infections on the same system.
ALIASES:
GuptiMiner
TAGS:
cryptocurrency_miningbackdoorantivirus_hijackingupdate_abuseevasion_techniques

[MUTEX_SIGNATURES](5)

[MUTEX_01]
Mutex_ONLY_ME_V<version>
ANALYST: @adhikara13 DATE: 2024-07-16
REFERENCES:
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
[MUTEX_02]
SLDV<2-3 numeric>
ANALYST: @adhikara13 DATE: 2024-07-16
REFERENCES:
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
[MUTEX_03]
GlobalMIVOD_V4
ANALYST: @adhikara13 DATE: 2024-07-16
REFERENCES:
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
[MUTEX_04]
MIVOD_6
ANALYST: @adhikara13 DATE: 2024-07-16
REFERENCES:
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
[MUTEX_05]
MTX_EX01
ANALYST: @adhikara13 DATE: 2024-07-16
REFERENCES:
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:
Unknown
FIRST_OBSERVED:
2024

[SIGMA_RULE]

[STATISTICS]
MUTEX_COUNT:5
THREAT_ACTORS:1
ALIASES:1
TAGS:5
CATEGORY:MINER
 Malware profile loaded successfully 
 EvilMutex Project v1.0.0 
 Open Source Threat Intelligence Database 
[GITHUB][DOCS]