ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: Tomiris

Names: Tomiris
Category: Malware
Type: Backdoor
Description: (Kaspersky) Tomiris is a backdoor written in Go whose role is to continuously query its C2 server for executables to download and execute on the victim system. Before performing any operations, it sleeps for at least nine minutes in a possible attempt to defeat sandbox-based analysis systems.
(Kaspersky) The backdoor, dubbed Tomiris, bears a number of similarities to the second-stage malware, Sunshuttle (aka GoldMax), used by DarkHalo last year. However, there are also a number of overlaps between Tomiris and Kazuar, a backdoor that has been linked to the Turla APT threat actor. None of the similarities is enough to link Tomiris and Sunshuttle with high confidence. However, taken together they suggest the possibility of common authorship or shared development practices.
Information: <https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/>
<https://securelist.com/apt-trends-report-q3-2021/104708/>
<https://securelist.com/tomiris-called-they-want-their-turla-malware-back/109552/>
MITRE ATT&CK: <https://attack.mitre.org/software/S0671/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.tomiris>

Last change to this tool card: 26 April 2023
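The behaviour summarised in the description is also a hunting signature: a process that stays off the network for roughly nine minutes after launch, then makes its first outbound connection, writes an executable and runs it. The Python below is an added example written for this card, not code from Kaspersky, ETDA or the Tomiris authors; the key=value telemetry format, the sample lines, the process and network identifiers and the `find_delayed_beacons` function are all constructed for illustration. The sleep threshold is a parameter, so the same check covers any long-sleep-then-fetch-and-execute loader, not only Tomiris.

```python
"""Hunt for the long-sleep-then-fetch-and-execute pattern described on this card.

Added example; the telemetry format and every identifier below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed endpoint telemetry in a hypothetical key=value format (not a real EDR export).
# pid 4120 stays silent for 9m45s, then contacts a host, drops stage2.exe and runs it.
# pid 4130 is a browser that connects a few seconds after launch and is benign noise.
SAMPLE_TELEMETRY = r"""
2023-04-26T10:00:00Z event=process_start pid=4120 image=C:\Users\alice\AppData\Local\Temp\update.exe parent_pid=900
2023-04-26T10:00:02Z event=process_start pid=4130 image=C:\Browser\browser.exe parent_pid=900
2023-04-26T10:00:03Z event=net_connect pid=4130 dst=203.0.113.10:443
2023-04-26T10:09:45Z event=net_connect pid=4120 dst=198.51.100.7:443
2023-04-26T10:09:46Z event=file_write pid=4120 path=C:\Users\alice\AppData\Local\Temp\stage2.exe
2023-04-26T10:09:47Z event=process_start pid=4188 image=C:\Users\alice\AppData\Local\Temp\stage2.exe parent_pid=4120
"""

# The card reports a sleep of at least nine minutes before any activity.
DEFAULT_MIN_SLEEP = timedelta(minutes=9)


def parse_event(line):
    """Turn one telemetry line into a dict; the timestamp becomes a datetime."""
    ts_text, rest = line.split(" ", 1)
    event = dict(kv.split("=", 1) for kv in rest.split(" "))
    event["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return event


def find_delayed_beacons(telemetry, min_sleep=DEFAULT_MIN_SLEEP):
    """Return processes whose first outbound connection came at least `min_sleep`
    after launch, together with any executable they wrote and then launched
    after that first contact."""
    started = {}                    # pid -> (start time, image path)
    first_contact = {}              # pid -> time of first outbound connection
    written = defaultdict(set)      # pid -> paths the process wrote
    children = defaultdict(list)    # parent pid -> [(start time, child image)]

    for line in telemetry.strip().splitlines():
        ev = parse_event(line)
        pid = ev["pid"]
        if ev["event"] == "process_start":
            started[pid] = (ev["ts"], ev["image"])
            children[ev["parent_pid"]].append((ev["ts"], ev["image"]))
        elif ev["event"] == "net_connect":
            first_contact.setdefault(pid, ev["ts"])
        elif ev["event"] == "file_write":
            written[pid].add(ev["path"])

    findings = []
    for pid, (start_ts, image) in started.items():
        if pid not in first_contact:
            continue                # never beaconed: nothing to score
        delay = first_contact[pid] - start_ts
        if delay < min_sleep:
            continue                # normal software talks to the network early
        executed = [
            child for child_ts, child in children[pid]
            if child in written[pid] and child_ts >= first_contact[pid]
        ]
        findings.append({
            "pid": pid,
            "image": image,
            "delay_seconds": int(delay.total_seconds()),
            "executed_downloads": executed,
        })
    return findings


if __name__ == "__main__":
    for hit in find_delayed_beacons(SAMPLE_TELEMETRY):
        print(hit)
```

On the constructed sample only pid 4120 is reported, with a 585-second delay and stage2.exe as the executed download. The delay alone is a weak signal (updaters and schedulers also idle before connecting), which is why the function pairs it with the write-then-execute step; conversely, a sandbox that extends its run time or fast-forwards sleep calls will see the beacon regardless of the nine-minute wait.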



All groups using tool Tomiris

APT groups

Changed   Name      Country    Observed
          Tomiris   [Unknown]  2020

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency


Report incidents: telephone +66 (0)2-123-1227, e-mail [email protected]