GoBear (1e08331a-95d6-57f6-8dd2-115e2f5b83d4)
GoBear is a Go-based backdoor that abuses legitimate, stolen certificates for defense evasion purposes. GoBear is exclusively linked to Kimsuky operations.[S2W Troll Stealer 2024][Symantec Troll Stealer 2024]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Kimsuky (37f317d8-02f0-43d4-8a7d-7a65ce8aadf1) | Tidal Groups | GoBear (1e08331a-95d6-57f6-8dd2-115e2f5b83d4) | Tidal Software | 1 |