TinyNote

BACKDOOR | 1 mutex signature

[BASIC_INFORMATION]

FAMILY_NAME:
TinyNote
CATEGORY:
BACKDOOR
DESCRIPTION:
TinyNote is a Go-based backdoor developed by the Camaro Dragon APT group, which is associated with Chinese state-sponsored threat actors including Mustang Panda. The malware targets European foreign affairs entities linked to Southeast and East Asia, particularly Myanmar and Indonesia. It features SmadAV antivirus evasion capabilities, uses XOR encryption with the key 'NASA', and employs deceptive folder icons with diplomatic-themed naming conventions. The backdoor is built for redundancy and persistence, using multiple C&C servers and different command execution methods via PowerShell and Goroutines.
ALIASES:
TinyNote Backdoor
TAGS:
apt, china, diplomacy_targeting, golang, smadav_evasion, xor_encryption, foreign_affairs, southeast_asia, persistence, multi_c2

[MUTEX_SIGNATURES](1)

[MUTEX_01]
NASA&USA
ANALYST: @adhikara13 DATE: 2025-01-15

[THREAT_INTELLIGENCE]

ATTRIBUTION:
Camaro Dragon
Mustang Panda
FIRST_OBSERVED:
2023

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:1
THREAT_ACTORS:2
ALIASES:1
TAGS:10
CATEGORY:BACKDOOR
EvilMutex Project v1.0.0

Open Source Threat Intelligence Database