Telemiris

Description

(Kaspersky) Telemiris is a Python backdoor originally packed with PyInstaller (we later identified some Nuitka-packaged samples as well). Its name derives from the fact that it uses Telegram as a C2 channel. After setting up persistence (copying itself under %AppData%/service/ and creating a RUN key entry), the malware enters its main loop where it waits for Telegram messages and replies to them.

Names

Name
Telemiris

Category

Malware

Type

  • Backdoor

Information

Malpedia

Other Information

UUID

d0baa819-6460-425e-b5f0-e64fe8ea18db

Last Card Change

2023-06-22