Yokai

backdoor | 1 mutex signature

[BASIC_INFORMATION]

FAMILY_NAME:
Yokai
CATEGORY:
BACKDOOR
DESCRIPTION:
Yokai is a backdoor malware associated with threat actors Hive0154 and Mustang Panda. The malware is designed to provide remote access to compromised systems and has been observed in targeted attacks. Yokai is related to the Toneshell backdoor family and represents an updated variant used by these threat groups.
ALIASES:
Yokai Backdoor
TAGS:
remote_access, targeted_attack, persistence, hive0154, mustang_panda, toneshell_variant

[MUTEX_SIGNATURES] (1)

[MUTEX_01]
k1tpddvivh74fo1et725okr1c1
ANALYST: @adhikara13 DATE: 2024-12-30

[THREAT_INTELLIGENCE]

ATTRIBUTION:
Hive0154, Mustang Panda
FIRST_OBSERVED:
2024

[STATISTICS]

MUTEX_COUNT:1
THREAT_ACTORS:1
ALIASES:1
TAGS:6
CATEGORY:BACKDOOR

EvilMutex Project v1.0.0

Open Source Threat Intelligence Database