ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Telemiris

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Telemiris

NamesTelemiris
CategoryMalware
TypeBackdoor
Description(Kaspersky) Telemiris is a Python backdoor originally packed with PyInstaller (we later identified some Nuitka-packaged samples as well). Its name derives from the fact that it uses Telegram as a C2 channel. After setting up persistence (copying itself under %AppData%/service/ and creating a RUN key entry), the malware enters its main loop where it waits for Telegram messages and replies to them.
Information<https://securelist.com/tomiris-called-they-want-their-turla-malware-back/109552/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.telemiris>

Last change to this tool card: 22 June 2023

Download this tool card in JSON format

Previous: TeleDoor
Next: TelePowerBot

All groups using tool Telemiris

ChangedNameCountryObserved

APT groups

 Tomiris[Unknown]2020 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]