ProjectWood

BACKDOOR (1 mutex signature)

[BASIC_INFORMATION]

FAMILY_NAME:
ProjectWood
CATEGORY:
BACKDOOR
DESCRIPTION:
Project Wood is a sophisticated backdoor that has been evolving since 2005 and is associated with the Gelsemium APT group. It uses the TEA encryption algorithm with a variable number of rounds for C&C communication, employs kernel driver modules for process hiding, and implements multiple persistence mechanisms. The malware is known for its Linux variant, FireWood, and has been used in various operations, including Operation TooHash.
ALIASES:
Project Wood
TAGS:
backdoor, tea_encryption, kernel_module, process_hiding, persistence, c2_communication

[MUTEX_SIGNATURES](1)

[MUTEX_01]
IMPROVING CLIENT Want Wood To Exit?
ANALYST: @adhikara13 DATE: 2025-07-30

[THREAT_INTELLIGENCE]

ATTRIBUTION:
Gelsemium
FIRST_OBSERVED:
2005

[STATISTICS]

MUTEX_COUNT:1
THREAT_ACTORS:1
ALIASES:1
TAGS:6
CATEGORY:BACKDOOR

EvilMutex Project v1.0.0

Open Source Threat Intelligence Database