Tunnus

Malware updated 23 days ago (2024-11-29T14:14:07.093Z)
Download STIX
Preview STIX
Tunnus is a type of malware, or malicious software, that has been identified as potentially harmful to computer systems and devices. Identified by the SHA-256 hash 046f11a6c561e46e6bf199ab7f50e74a4d2aaead68cdbd6ce44b37b5b4964758, Tunnus uses the same RC4 implementation as TunnusSched and Topinambour. These programs are written in JavaScript and .NET and can infiltrate systems through suspicious downloads, emails, or websites. Once inside, they have the ability to steal personal information, disrupt operations, or hold data hostage for ransom. The Tunnus malware, along with similar tools like TunnusSched (also known as QUIETCANARY), RocketMan, and Topinambour, has been linked to the cyber threat actor group Tomiris. In 2019, it was discovered that these tools were used against government victims in Russia, suggesting a high likelihood that Tunnus is part of Tomiris's arsenal. There is also speculation that these tools could be the exclusive property of Tomiris. QUIETCANARY, a lightweight .NET backdoor, has been primarily used by UNC4120 to gather and exfiltrate data from victims. However, due to the open nature of their source code, there is a possibility that other threat actors may have repurposed these tools under a false flag. The unique RC4 implementation in these samples results in strictly identical .NET bytecode, which seems to be unique to Tunnus, TunnusSched, and Topinambour. Despite some confusion in naming conventions between different reporting entities, tracking of these malicious software variants has been ongoing since at least 2019, underscoring the persistent threat they pose.
Description last updated: 2024-05-04T18:49:10.113Z
What's your take? (Question 1 of 0)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
QUIETCANARY is a possible alias for Tunnus. Quietcanary is a malicious software (malware) that has been exploited by threat groups such as Pensive Ursa and Tomiris. The malware, known for its backdoor capabilities, has been in use since at least 2019, with Pensive Ursa deploying it against targets in Ukraine in September 2022, often in conjun
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Tunnus Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more