216.73.216.89

SPAWNCHIMERA

The MITRE Corporation · Published 17/04/2026 20:25 · Modified 04/05/2026 16:31 Family

Essential information

Confidence
75/100
Is family
Yes
Published
17/04/2026 20:25
Modified
04/05/2026 16:31
Revoked
No
Author / Source
The MITRE Corporation
Related entities
23 attack patterns (mitre)

Description

[SPAWNCHIMERA](https://attack.mitre.org/software/S9024) is a backdoor that supports command and control and can inject malicious components into native processes.(Citation: CISA SPAWNCHIMERA RESURGE February 2026)(Citation: Google UNC5221 BRICKSTORM SPAWNCHIMERA April 2024)(Citation: JPCERT SPAWNCHIMERA Ivanti February 2025) [SPAWNCHIMERA](https://attack.mitre.org/software/S9024) It incorporates capabilities from multiple tools within the SPAWN malware family, including SPAWNANT, SPAWNMOLE, and SPAWNSNAIL.(Citation: Google UNC5221 Ivanti January 2025)(Citation: Google UNC5221 BRICKSTORM SPAWNCHIMERA April 2024)(Citation: JPCERT SPAWNCHIMERA Ivanti February 2025) [SPAWNCHIMERA](https://attack.mitre.org/software/S9024) was first reported in April 2024.(Citation: Google UNC5221 BRICKSTORM SPAWNCHIMERA April 2024) [SPAWNCHIMERA](https://attack.mitre.org/software/S9024) has been observed in activity attributed to People's Republic of China (PRC) state-sponsored threat actors, including UNC5221..(Citation: Google UNC5221 Ivanti January 2025)(Citation: Google UNC5221 Ivanti April 2025)(Citation: Google UNC5221 BRICKSTORM SPAWNCHIMERA April 2024)(Citation: Picus Security UNC5221 Ivanti May 2025)

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references