S0671 Tomiris

ATT&CK 14.1 · References: 2

Description

[Tomiris](https://attack.mitre.org/software/S0671) is a backdoor written in Go that continuously queries its C2 server for executables to download and execute on a victim system. It was first reported in September 2021 during an investigation of a successful DNS hijacking campaign against a Commonwealth of Independent States (CIS) member. Security researchers assess there are similarities between [Tomiris](https://attack.mitre.org/software/S0671) and [GoldMax](https://attack.mitre.org/software/S0588). (Citation: Kaspersky Tomiris Sep 2021)

References

  1. https://attack.mitre.org/software/S0671
  2. https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. Software: Turian
  2. Software: Torisma
  3. Actor: Storm-0473
  4. Software: Torii
  5. Software: GoldMax
  6. Software: Kobalos

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.