[ MALWARE MUTEX INTELLIGENCE DATABASE ]
 ███████╗██╗   ██╗██╗██╗         ███╗   ███╗██╗   ██╗████████╗███████╗██╗  ██╗
 ██╔════╝██║   ██║██║██║         ████╗ ████║██║   ██║╚══██╔══╝██╔════╝╚██╗██╔╝
█████╗  ██║   ██║██║██║         ██╔████╔██║██║   ██║   ██║   █████╗   ╚███╔╝
██╔══╝  ╚██╗ ██╔╝██║██║         ██║╚██╔╝██║██║   ██║   ██║   ██╔══╝   ██╔██╗
 ███████╗ ╚████╔╝ ██║███████╗    ██║ ╚═╝ ██║╚██████╔╝   ██║   ███████╗██╔╝ ██╗
 ╚══════╝  ╚═══╝  ╚═╝╚══════╝    ╚═╝     ╚═╝ ╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝

Advanced Malware Analysis & Threat Intelligence

06:17:12
[ALL_FAMILIES]

YaRAT

rat1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:
YaRAT
CATEGORY:
RAT
DESCRIPTION:
YaRAT is a remote access trojan (RAT) attributed to APT31, a Chinese state-sponsored threat group. It is used for cyber-espionage and persistent access, often leveraging cloud services for C2 and data exfiltration.
TAGS:
aptapt31remote_accesscloudwindowspersistence

[MUTEX_SIGNATURES](1)

[MUTEX_01]
YandexDisk
ANALYST: @adhikara13 DATE: 2024-12-19
REFERENCES:
https://global.ptsecurity.com/en/research/pt-esc-threat-intelligence/apt31-cloud-attacks/

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:
APT31
BRONZE VINEWOOD
JUDGMENT PANDA
Red keres
TA412
Violet Typhoon
ZIRCONIUM
Zirconium
FIRST_OBSERVED:
2024

[SIGMA_RULE]

[STATISTICS]
MUTEX_COUNT:1
THREAT_ACTORS:8
ALIASES:0
TAGS:6
CATEGORY:RAT
 Malware profile loaded successfully 
 EvilMutex Project v1.0.0 
 Open Source Threat Intelligence Database 
[GITHUB][DOCS]