Tomiris Golang

Malware Profile Updated 3 months ago
Tomiris Golang is a piece of malware identified by the SHA-256 hash fd7fe71185a70f281545a815fce9837453450bb29031954dd2301fe4da99250d. It was first reported in connection with a threat actor that takes over legitimate government hostnames and uses them to deploy the Tomiris Golang implant. The malware can reach a system through suspicious downloads, emails, or websites, often without the user's knowledge; once installed, it can steal personal information, disrupt operations, or hold data hostage for ransom. The initial report on Tomiris Golang described connections between this malware and other known threats such as SUNSHUTTLE and Kazuar. SUNSHUTTLE has been associated with NOBELIUM/APT29/TheDukes, a group known for cyber espionage; Kazuar has been linked to Turla, another well-known cyber espionage group. These links suggest that Tomiris Golang could be part of a larger network of cyber threats aimed at compromising systems and exploiting their vulnerabilities. However, interpreting these connections and establishing the full scope of Tomiris Golang's capabilities and affiliations proved challenging. The complexity of these relationships underscores the sophistication of modern cyber threats and the need for robust defensive measures. As Tomiris Golang continues to abuse government hostnames, it remains a significant threat to both governmental and private-sector security.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID: Kazuar (votes: 1)
Profile description: Kazuar is a sophisticated multiplatform trojan horse malware, linked to the Russian-based threat group Turla (also known as Pensive Ursa, Uroburos, Snake), which has been operating since at least 2004. This group, believed to be connected to the Russian Federal Security Service (FSB), utilizes an ar
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Implant
Associated Malware
ID: Tomiris (type: Unspecified; votes: 1)
Profile description: Tomiris is a malicious software (malware) group that has been active since before 2019. Known for its use of the QUIETCANARY backdoor, Tomiris has expanded its capabilities and influence within the region, targeting government entities and other high-value targets. The group has shown a particular i

ID: Sunshuttle (type: Unspecified; votes: 1)
Profile description: Sunshuttle is a malicious software (malware) that has been linked to various cyber threats. Initial reports identified connections between Sunshuttle, a Tomiris Golang implant, NOBELIUM (also known as APT29 or TheDukes), and Kazuar, which is associated with Turla. However, interpreting these connect
Associated Threat Actors
ID: NOBELIUM (type: Unspecified; votes: 1)
Profile description: Nobelium, a threat actor linked to Russia's SVR, has been actively targeting French diplomatic entities as part of its cyber-espionage activities. The Advanced Persistent Threat (APT) group has utilized sophisticated techniques such as phishing and attempts to install Cobalt Strike, an advanced malw

ID: Turla (type: Unspecified; votes: 1)
Profile description: Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat
Associated Vulnerabilities
No associations to display.
Source Document References
Information about the Tomiris Golang malware was read from the document corpus below. This display is limited to 20 results.
Source: CERT-EU; created: a year ago; title: Tomiris called, they want their Turla malware back
Source: CERT-EU; created: a year ago; title: Tomiris called, they want their Turla malware back - GIXtools
Source: CERT-EU; created: a year ago; title: IT threat evolution in Q2 2023 – GIXtools
Source: CERT-EU; created: a year ago; title: IT threat evolution Q2 2023