Phoenix backdoor
1 mutex signature
[BASIC_INFORMATION]
FAMILY_NAME:
Phoenix
CATEGORY:
BACKDOOR
DESCRIPTION:
Phoenix Backdoor is a malware family associated with the MuddyWater threat group. It is used for espionage activities and provides remote access capabilities to compromised systems. The malware is part of MuddyWater's arsenal for conducting cyber espionage operations.
ALIASES:
Phoenix Backdoor
TAGS:
backdoor, espionage, remote_access, muddywater, apt
[MUTEX_SIGNATURES](1)
[MUTEX_01]
sysprocupdate.exe
ANALYST: @adhikara13 DATE: 2025-12-30
[THREAT_INTELLIGENCE]
ATTRIBUTION:
MuddyWater
FIRST_OBSERVED:
2023
[SIGMA_RULE]
[STATISTICS]
MUTEX_COUNT:1
THREAT_ACTORS:1
ALIASES:1
TAGS:5
CATEGORY:BACKDOOR