Malware: Gomir

Description

Gomir is a Linux backdoor variant of the Go-based malware [GoBear](https://attack.mitre.org/software/S1197), uniquely assoicated with [Kimsuky](https://attack.mitre.org/groups/G0094) operations.(Citation: Symantec Troll Stealer 2024)

External References

• mitre-attack
• Symantec Troll Stealer 2024

Techniques Used by This Malware

• T1016 — System Network Configuration Discovery
• T1018 — Remote System Discovery
• T1053.003 — Cron
• T1059.004 — Unix Shell
• T1069.001 — Local Groups
• T1070.004 — File Deletion
• T1071.001 — Web Protocols
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1090.001 — Internal Proxy
• T1132.001 — Standard Encoding
• T1543.002 — Systemd Service
• T1573 — Encrypted Channel
• T1573.002 — Asymmetric Cryptography

APT Groups Using This Malware

• Kimsuky