███████╗██╗ ██╗██╗██╗ ███╗ ███╗██╗ ██╗████████╗███████╗██╗ ██╗ ██╔════╝██║ ██║██║██║ ████╗ ████║██║ ██║╚══██╔══╝██╔════╝╚██╗██╔╝ █████╗ ██║ ██║██║██║ ██╔████╔██║██║ ██║ ██║ █████╗ ╚███╔╝ ██╔══╝ ╚██╗ ██╔╝██║██║ ██║╚██╔╝██║██║ ██║ ██║ ██╔══╝ ██╔██╗ ███████╗ ╚████╔╝ ██║███████╗ ██║ ╚═╝ ██║╚██████╔╝ ██║ ███████╗██╔╝ ██╗ ╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝

⚠

SpiceRAT

rat2 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

SpiceRAT

CATEGORY:

RAT

DESCRIPTION:

SpiceRAT is a Remote Access Trojan (RAT) that has been observed in various cybercriminal campaigns. The malware is designed to provide remote access to compromised systems and is known for its sophisticated evasion techniques and multi-stage attack capabilities. It has been associated with the SneakyChef threat group.

ALIASES:

SpiceRAT

TAGS:

remote_accessmulti_stageevasion_techniquescybercriminalsneakychef

[MUTEX_SIGNATURES](2)

[MUTEX_01]

{00866F68-6C46-4ABD-A8D6-2246FE482F99}

ANALYST: @adhikara13 DATE: 2024-07-16

REFERENCES:

https://medium.com/@MateoPappa/letsdefend-spicerat-medium-881a474c0982

https://blog.talosintelligence.com/new-spicerat-sneakychef/

[MUTEX_02]

{00861111-3333-4ABD-GGGG-2246FE482F99}

ANALYST: @adhikara13 DATE: 2024-07-16

REFERENCES:

https://blog.talosintelligence.com/new-spicerat-sneakychef/

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠Unknown

FIRST_OBSERVED:

2023

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:2

THREAT_ACTORS:1

ALIASES:1

TAGS:5

CATEGORY:RAT

Malware profile loaded successfully