Rocketman

Malware Profile Updated 3 months ago
RocketMan is malware (malicious software) designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once it gains access, RocketMan can steal personal information, disrupt operations, or even hold data hostage for ransom. The SHA-256 hash for RocketMan is 009406c1c7c0b289a25d44dfaa8364633d9b71df5f3c7a65deec1ef00a8c2ebb.

This malware has been linked to the cyber threat group Tomiris, along with other tools such as Topinambour, Tunnus, and TunnusSched (also known as QUIETCANARY). Evidence suggests that these tools may be exclusively owned by Tomiris. Notably, victims of these attacks have included government entities in Russia, discovered in 2019, indicating the serious nature of this threat and its potential for high-level disruption.

RocketMan shares the same RC4 implementation as Tunnus and Topinambour, two other malware tools associated with Tomiris. This commonality suggests that these tools are likely developed by the same entity, further strengthening the link between RocketMan and the Tomiris group. As such, organizations need to be vigilant about this threat and employ robust cybersecurity measures to protect their systems.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Topinambour | 1 | Topinambour is a malicious software (malware) that has been linked to the hacking group Turla, as reported by Kaspersky and Securelist. This malware, identified by SHA-256 29314f3cd73b81eda7bd90c66f659235e6bb900e499c9cc7057d10a9083a0b94, is known for its ability to exploit and damage computers or de |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Tomiris | Unspecified | 1 | Tomiris is a malicious software (malware) group that has been active since before 2019. Known for its use of the QUIETCANARY backdoor, Tomiris has expanded its capabilities and influence within the region, targeting government entities and other high-value targets. The group has shown a particular i |
| Tunnussched | Unspecified | 1 | TunnusSched is a malicious software (malware) that has been used by the Advanced Persistent Threat (APT) group known as Tomiris. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is capable of stealing personal information, disrupting operations, and even h |
| QUIETCANARY | Unspecified | 1 | Quietcanary is a malicious software (malware) that has been exploited by threat groups such as Pensive Ursa and Tomiris. The malware, known for its backdoor capabilities, has been in use since at least 2019, with Pensive Ursa deploying it against targets in Ukraine in September 2022, often in conjun |
| Tunnus | Unspecified | 1 | Tunnus is a type of malware, or malicious software, that has been identified as potentially harmful to computer systems and devices. Identified by the SHA-256 hash 046f11a6c561e46e6bf199ab7f50e74a4d2aaead68cdbd6ce44b37b5b4964758, Tunnus uses the same RC4 implementation as TunnusSched and Topinambour |
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Tunnussched Quietcanary | Unspecified | 1 | None |
| Topinambour Rocketman | Unspecified | 1 | None |
Source Document References
Information about the Rocketman malware was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| CERT-EU | a year ago | Tomiris called, they want their Turla malware back - GIXtools |
| CERT-EU | a year ago | Tomiris called, they want their Turla malware back |