SPAWNCHIMERA
MITREOther
Unknown
Unknown
[SPAWNCHIMERA](https://attack.mitre.org/software/S9024) is a backdoor that supports command and control and can inject malicious components into native processes.(Citation: CISA SPAWNCHIMERA RESURGE February 2026)(Citation: Google UNC5221 BRICKSTORM SPAWNCHIMERA April 2024)(Citation: JPCERT SPAWNCHIMERA Ivanti February 2025) [SPAWNCHIMERA](https://attack.mitre.org/software/S9024) It incorporates capabilities from multiple tools within the SPAWN malware family, including SPAWNANT, SPAWNMOLE, and SPAWNSNAIL.(Citation: Google UNC5221 Ivanti January 2025)(Citation: Google UNC5221 BRICKSTORM SPAWNCHIMERA April 2024)(Citation: JPCERT SPAWNCHIMERA Ivanti February 2025) [SPAWNCHIMERA](https://attack.mitre.org/software/S9024) was first reported in April 2024.(Citation: Google UNC5221 BRICKSTORM SPAWNCHIMERA April 2024) [SPAWNCHIMERA](https://attack.mitre.org/software/S9024) has been observed in activity attributed to People's Republic of China (PRC) state-sponsored threat actors, including UNC5221..(Citation: Google UNC5221 Ivanti January 2025)(Citation: Google UNC5221 Ivanti April 2025)(Citation: Google UNC5221 BRICKSTORM SPAWNCHIMERA April 2024)(Citation: Picus Security UNC5221 Ivanti May 2025)
Associated Techniques (23)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1005 | Data from Local System | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1037 | Boot or Logon Initialization Scripts | - |
| T1040 | Network Sniffing | - |
| T1055.002 | Portable Executable Injection | - |
| T1057 | Process Discovery | - |
| T1059.006 | Python | - |
| T1070.004 | File Deletion | - |
| T1070.006 | Timestomp | - |
| T1082 | System Information Discovery | - |
| T1140 | Deobfuscate/Decode Files or Information | - |
| T1480.002 | Mutual Exclusion | - |
| T1505.003 | Web Shell | - |
| T1518.001 | Security Software Discovery | - |
| T1553.002 | Code Signing | - |
Metadata
| ID: | 164669 |
| Created: | 28/04/2026 16:00 |
| Updated: | 10/05/2026 16:00 |