Fakeset
FakeSet is a Python-based backdoor/downloader associated with the Iranian threat actor MuddyWater, also known as Seedworm, which multiple cited sources link to Iran’s Ministry of Intelligence and Security (MOIS). It was observed in intrusions beginning in February 2026 and was found on the networks of a U.S. airport and a U.S. non-profit, and in broader reporting tied to compromises affecting a U.S. bank, a defense-adjacent software company, and NGOs in the U.S. and Canada. The malware is described both as a Python backdoor and as a downloader used in recent infection chains to deliver CastleLoader. Reporting states that FakeSet samples were signed with code-signing certificates issued to “Amy Cherne” and “Donald Gay,” with the Donald Gay certificate previously linked to other Seedworm-associated malware such as Stagecomp/Darkcomp. FakeSet was reportedly downloaded from Backblaze-hosted infrastructure, including gitempire.s3.us-east-005.backblazeb2.com and elvenforest.s3.us-east-005.backblazeb2.com. Across the cited reporting, FakeSet is characterized as part of MuddyWater’s persistence tooling, designed to remain hidden and preserve long-term footholds in victim environments. High-confidence victim sectors mentioned in the reporting include banking, aviation/transportation, nonprofits/NGOs, and defense supply chain or defense-adjacent organizations. Related activity in the same campaigns included attempted data exfiltration using Rclone to Wasabi cloud storage and deployment alongside the Deno-based backdoor Dindoor.
Groups observed using it
3 distinct threat actors attributed by public researchers.
Fakeset [requires verification] - Python backdoor. Presumably signed with the “Amy Cherne” and “Donald Gay” certificates.
The group deployed two malware, a newly discovered backdoor called Dindoor and a Python-based tool called Fakeset, across multiple victim environments.
Techniques & procedures
12 distinct techniques documented for this family, organized by ATT&CK tactic.
Resource Development
1 technique
“Researchers said the malware was signed using a certificate issued to “Amy Cherne.”... The Donald Gay certificate has previously been linked to malware associated with the Seedworm threat.”
Initial Access
2 techniques
“MuddyWater… had already planted backdoors inside a U.S. bank, airport, defense-adjacent software company, and NGOs… new implant named Dindoor… and… Python-based backdoor called Fakeset.”
“MuddyWater has previously used spear-phishing, malicious documents, and custom backdoors to gain footholds inside targeted networks.”
Execution
2 techniques
“MuddyWater... had already planted backdoors inside a U.S. bank, airport, defense-adjacent software company, and NGOs... with a new implant named Dindoor... alongside a second Python-based backdoor called Fakeset.”
Command and Scripting Interpreter: Python (T1059.006): Python dropper executes downloaded code via exec()
Persistence
2 techniques
“MuddyWater… had already planted backdoors inside a U.S. bank, airport, defense-adjacent software company, and NGOs… new implant named Dindoor… and… Python-based backdoor called Fakeset.”
Privilege Escalation
1 technique
Defense Impairment
1 technique
“This backdoor was signed with a certificate issued to “Amy Cherne”.”
Collection
1 technique
“The malware was signed with certificates issued to “Amy Cherne” and “Donald Gay.”... Fakeset was downloaded from infrastructure hosted on Backblaze cloud storage.”
Command and Control
2 techniques
“Another malware family linked to MuddyWater is a downloader called FakeSet, which the security researchers say was used in recent infections to deliver CastleLoader.”
Exfiltration
2 techniques
“Seedworm, a sub-cluster of MuddyWater, established persistent backdoor access on banking, airport, defense, and NGO networks as early as February 2026, using legitimate cloud storage on Backblaze and Wasabi for delivery and Rclone for exfiltration.”
MuddyWater and others compromised U.S.-Israeli-Canadian organizations through Deno-based Dindoor, Python-based Fakeset, and payload delivery and data exfiltration attempts using legitimate cloud storage.
IOCs tracked for this family
29 indicators attributed across vendor reports, sandbox runs, and researcher write-ups.
IPs, domains, and DNS infrastructure linked to this family.
File hashes (MD5, SHA-1, SHA-256) from samples and reports.
Other indicator types observed in public reporting.
Recent activity
25 sources tracked across advisories, community write-ups, and news.
A purported Python backdoor linked in public reporting to Seedworm, reportedly delivered from Backblaze servers and used alongside Rclone-based exfiltration to Wasabi cloud storage.
A Python backdoor observed on U.S. airport and nonprofit networks; certificate overlap and hosting artifacts linked it to Seedworm.
A Python-based implant/backdoor used by MuddyWater for pre-positioning access inside victim networks.
A Python-based malware/tool used in compromises, associated with payload delivery and data exfiltration activity.