███████╗██╗ ██╗██╗██╗ ███╗ ███╗██╗ ██╗████████╗███████╗██╗ ██╗ ██╔════╝██║ ██║██║██║ ████╗ ████║██║ ██║╚══██╔══╝██╔════╝╚██╗██╔╝ █████╗ ██║ ██║██║██║ ██╔████╔██║██║ ██║ ██║ █████╗ ╚███╔╝ ██╔══╝ ╚██╗ ██╔╝██║██║ ██║╚██╔╝██║██║ ██║ ██║ ██╔══╝ ██╔██╗ ███████╗ ╚████╔╝ ██║███████╗ ██║ ╚═╝ ██║╚██████╔╝ ██║ ███████╗██╔╝ ██╗ ╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝

⚠

UDPGangster

backdoor1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

UDPGangster

CATEGORY:

BACKDOOR

DESCRIPTION:

UDPGangster is a malware family associated with the MuddyWater threat group. It has been observed in campaigns targeting multiple countries and is used for espionage activities. The malware leverages UDP communication for command and control operations.

ALIASES:

UDP Gangster

TAGS:

backdoorespionageudp_c2muddywaterapt

[MUTEX_SIGNATURES](1)

[MUTEX_01]

xhxhxhxhxhxpp

ANALYST: @adhikara13 DATE: 2025-12-30

REFERENCES:

https://www.fortinet.com/blog/threat-research/udpgangster-campaigns-target-multiple-countries

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠MuddyWater

FIRST_OBSERVED:

2025

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:1

THREAT_ACTORS:1

ALIASES:1

TAGS:5

CATEGORY:BACKDOOR

Malware profile loaded successfully