Alias Description | Votes |
---|---|
Tunnussched is a possible alias for Tomiris. TunnusSched is a malicious software (malware) that has been used by the Advanced Persistent Threat (APT) group known as Tomiris. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is capable of stealing personal information, disrupting operations, and even h | 2 |
KOPILUWAK is a possible alias for Tomiris. KopiLuwak is a JavaScript-based malware used for command and control (C2) communications and victim profiling. It was initially dropped by Pensive Ursa using an MSIL dropper in a G20-themed attack in 2017, and later as a self-extracting archive (SFX) executable in late 2022. Upon execution, the SFX | 2 |
QUIETCANARY is a possible alias for Tomiris. Quietcanary is a malicious software (malware) that has been exploited by threat groups such as Pensive Ursa and Tomiris. The malware, known for its backdoor capabilities, has been in use since at least 2019, with Pensive Ursa deploying it against targets in Ukraine in September 2022, often in conjun | 2 |
Sunshuttle is a possible alias for Tomiris. Sunshuttle is a malicious software (malware) that has been linked to various cyber threats. Initial reports identified connections between Sunshuttle, a Tomiris Golang implant, NOBELIUM (also known as APT29 or TheDukes), and Kazuar, which is associated with Turla. However, interpreting these connect | 2 |
Sbz is a possible alias for Tomiris. SBZ is a potent malware, also known as a filestealer, that has been identified by cybersecurity researchers. It is characterized by its ability to upload any recent file matching a hardcoded set of extensions (.doc, .docx, .pdf, .rar, etc.) to the Command and Control (C2) server. Its discovery was f | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The SUNBURST Malware is associated with Tomiris. Sunburst is a sophisticated malware that was detected in a major supply chain attack in December 2020. The Sunburst backdoor has been tied to Kazuar, another malicious software, due to code resemblance, indicating its high level of complexity. This malware infiltrates systems, often without the user | Unspecified | 2 |
The Kazuar Malware is associated with Tomiris. Kazuar is a sophisticated multiplatform trojan horse malware that has been associated with the Russian-based threat group Turla, also known as Pensive Ursa, Uroburos, or Snake. This group, believed to be linked to the Russian Federal Security Service (FSB), has been operating since at least 2004 and | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Turla Threat Actor is associated with Tomiris. Turla, a threat actor linked to Russia, is known for its sophisticated cyber espionage operations. The group has been associated with numerous high-profile attacks, often utilizing advanced backdoors and fileless malware for infiltration and persistence. Turla's tactics, techniques, and procedures ( | Unspecified | 5 |
Alias Description | Association Type | Votes |
---|---|---|
The Proxylogon Vulnerability is associated with Tomiris. ProxyLogon is a serious software vulnerability, specifically an exploit chain in Microsoft Exchange Server. The chain includes CVE-2021-26855, a server-side request forgery (SSRF) vulnerability that allows attackers to bypass authentication and impersonate users, along with other vulnerabilities suc | Unspecified | 2 |
Preview | Source Link | CreatedAt | Title |
---|---|---|---|
DARKReading | 12 days ago | ||
CERT-EU | 10 months ago | ||
InfoSecurity-magazine | a year ago | ||
Unit42 | a year ago | ||
CERT-EU | a year ago | ||
CERT-EU | a year ago | ||
MITRE | 2 years ago | ||
CERT-EU | 2 years ago | ||
CERT-EU | 2 years ago | ||
CERT-EU | 2 years ago | ||
InfoSecurity-magazine | 2 years ago | ||
CERT-EU | 2 years ago | ||
CERT-EU | 2 years ago | ||
CERT-EU | 2 years ago | ||
CERT-EU | 2 years ago | ||
CERT-EU | 2 years ago | ||
CERT-EU | 2 years ago | ||
CERT-EU | 2 years ago | ||
CERT-EU | 2 years ago | ||
CERT-EU | 2 years ago |