Tomiris
· Published 21/12/2025 00:13 · Modified 21/12/2025 00:13
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 00:13
- Modified: 21/12/2025 00:13
- Updated at: 21/12/2025 00:13
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 20 attack patterns (MITRE), 25 malware, 1 sector, 9 countries, 106 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- Report linking 17 MITRE attack patterns, 16 malware families, 66 observables and 1 APT. Published 28/11/2025 08:31 · Modified 21/12/2025 18:14
Attack patterns (MITRE) (20)
Relationship: Tomiris uses each of the following techniques.
- T1105 Ingress Tool Transfer
- T1189 Drive-by Compromise
- T1090 Proxy
- T1204 User Execution
- T1102 Web Service
- T1027 Obfuscated Files or Information
- T1059 Command and Scripting Interpreter
- T1036 Masquerading
- T1572 Protocol Tunneling
- T1553 Subvert Trust Controls
- T1219 Remote Access Tools
- T1021 Remote Services
- T1068 Exploitation for Privilege Escalation
- T1041 Exfiltration Over C2 Channel
- T1095 Non-Application Layer Protocol
- T1140 Deobfuscate/Decode Files or Information
- T1132 Data Encoding
- T1573 Encrypted Channel
- T1071 Application Layer Protocol
- T1566 Phishing
Malware (25)
Relationship: Tomiris uses each of the following families. 13 of the 25 linked entries carry a name on the page:
- Roopy
- TunnusSched
- KOPILUWAK
- Distopia backdoor
- QUIETCANARY (source: The MITRE Corporation, confidence 100): [QUIETCANARY](https://attack.mitre.org/software/S1076) is a backdoor tool written in .NET that has been used since at least 2022 to gather and exfiltrate data from victim networks. (Citation: Mandiant Suspected Turla Campaign …
- Topinambour
- Ratel
- Telemiris
- AdaptixC2
- RocketMan
- WarzoneRAT
- Havoc
- JLORAT
Sectors targeted (1)
- Government
Countries targeted (9)
- Tajikistan
- Ukraine
- Kazakhstan
- Turkmenistan
- Afghanistan
- Uzbekistan
- Kyrgyzstan
- Belarus
- Russian Federation
Indicators (106)