Diplomats in Eastern Europe bitten by a Turla mosquito
Common Information
Type Value
UUID 30519c5e-d6a0-4c03-9ef9-86fb799e8d9e
Fingerprint b4f7be6b38a07bfe46224aa00b25b1d6e2df7349a035c97ebfc37255891bf66a
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 5, 2018, 4:47 p.m.
Added to db March 10, 2024, 7:08 a.m.
Last updated Aug. 31, 2024, 8:07 a.m.
Headline Diplomats in Eastern Europe bitten by a Turla mosquito
Title Diplomats in Eastern Europe bitten by a Turla mosquito
Detected Hints/Tags/Attributes 120/2/137
Attributes
Type                  #Events  Attribute
Domain                     57  adobe.com
Domain                     12  get.adobe.com
Domain                      3  admdownload.adobe.com
Domain                    194  drive.google.com
Domain                    112  docs.google.com
Domain                     11  script.google.com
Domain                    114  eset.com
Domain                    262  www.welivesecurity.com
Domain                     55  otx.alienvault.com
Domain                      2  ebay-global.publicvm.com
Domain                    403  securelist.com
Domain                      6  artemonsecurity.com
Domain                     24  blog.fox-it.com
Domain                    212  technet.microsoft.com
Domain                    622  en.wikipedia.org
Domain                      2  smallcloud.ga
Domain                      2  fleetwood.tk
Domain                      2  adstore.twilightparadox.com
Domain                      2  bigpen.ga
Domain                      3  psychology-blog.ezua.com
Domain                      2  agony.compress.to
Domain                      2  gallop.mefound.com
Domain                      2  auberdine.etowns.net
Domain                      2  skyrim.3d-game.com
Domain                      2  officebuild.4irc.com
Domain                      2  sendmessage.mooo.com
Domain                      3  robot.wikaba.com
Domain                      2  tellmemore.4irc.com
Domain                      2  turla.cr
Domain                      2  turla.cu
Domain                      2  turla.cv
Domain                      2  turla.cw
Domain                      2  turla.cx
Domain                      2  trojandownloader.cam
Email                      69  threatintel@eset.com
File                        1  flashplayer27_xa_install.exe
File                        1  instructionerdll.dll
File                        1  %appdata%\kb6867.bin
File                     1018  rundll32.exe
File                        3  ehstorshell.dll
File                       12  ntshrui.dll
File                     1260  explorer.exe
File                        1  %systemroot%\system32\ehstorshell.dll
File                        1  debugparser.dll
File                       10  query.php
File                     2125  cmd.exe
File                        2  google_update_checker.js
File                        2  local_update_checker.js
File                        1  %programdata%\1.txt
File                        4  eset-gazer.pdf
File                        1  ebay-global.pub
File                        6  snake_whitepaper.pdf
File                        1  turla.cs
File                        1  agent.reg
md5                         1  2E244D33DD8EB70BD83EB38E029D39AC
md5                         1  13B29C4840311A7BDB4C0681113598B0
md5                         1  3C32E13162D884AB66E44902EDDB8EEE
md5                         1  0AB62A3E02A036D81A64DAC9E6B53533
md5                         1  DFCE6F7D3A992DC2EE7FEDB8DEA58237
md5                         1  137EB9B6EF122857BDE72F78962ED208
md5                         1  3E65A6D5658E6517C59D978DC159057A
md5                         1  080B2CE7188547C1E9AD1B8089467261
md5                         1  CC3ADFE6079C1420A411B72F702E7DC7
md5                         1  110E9BC680C9D5452C23722F42C385B3
md5                         1  905B4E9A2159DAB45724333A0D99238F
md5                         1  DFCA3FC4B7F4C637D7319219FCEC1876
md5                         1  B7FD4C5119867539E36E96DE1D07AF6E
md5                         1  88F24B129E200C4F48852DCBB6E21DAF
sha1                        1  e0788a0179fd3ecf7bc9e65c1c9f107d8f2c3142
sha1                        1  f5abfb972495fde3d4fb3c825c3bbc437aab6c3a
sha1                        1  24925a2e8de38f2498906f8088cf2a8939e3cfd3
sha1                        1  cde4d12ef9f70988c63b66bf019c379d59a0e61f
sha1                        1  bee79383bcc73cf1e8e938131179223adb39ac1d
sha1                        1  48bcec5a65401fbe9df8626a780f831ad55060a1
sha1                        1  04fb0667b4a4eb1831be88958e6127cd7317638a
sha1                        1  e441cc1547b18bba76d2a8bd4d0f644ad5388082
sha1                        1  ba3519e62618b86d10830ef256cce010014e401a
sha1                        1  c51d288469df9f25e2fb7ac491918b3e579282ea
sha1                        1  3dc74671768eb90463c0901570c0aae24569b573
sha1                        1  4b5610ac5070a7d53041cc266630028d62935e3f
sha1                        1  240d3473932e4d74c09fcc241cf6ec175fdce49d
sha1                        1  ec451f32110de398781e3edf27354e0425a51a23
sha256                      1  2a61b4d0a7c5d7dc13f4f1dd5e0e3117036a86638dbafaec6ae96da507fb7624
sha256                      1  f6c9ae06dfc9c6898e62087cc7dbf1ac29cbd0a4bcdb12e58e0c467e11ad4f75
sha256                      1  e7fd14ca45818044690ca67f201cc8cfb916ccc941a105927fc4c932c72b425d
sha256                      1  f667680df596631fba58754c16c3041fae12ed6bf25d6068e6981ee68a6c9d0a
sha256                      1  26a1a42bc74e14887616f9d6048c17b1b4231466716a6426e7162426e1a08030
sha256                      1  05254971fe3e1ca448844f8cfcfb2b0de27e48abd45ea2a3df897074a419a3f4
sha256                      1  fc9961e78890f044c5fc769f74d8440fcecf71e0f72b4d33ce470e920a4a24c3
sha256                      1  68c6e9dea81f082601ae5afc41870cea3f71b22bfc19bcfbc61d84786e481cb4
sha256                      1  b295032919143f5b6b3c87ad22bcf8b55ecc9244aa9f6f88fc28f36f5aa2925e
sha256                      1  244896995b6b83f11df944ccda41ed9f1f1d811ebf65d75fe4337fd692011886
sha256                      1  5d0973324b5b9492ddf252b56a9df13c8953577bdb7450ed165abbe4bf6e72d8
sha256                      1  b362b235539b762734a1833c7e6c366c1b46474f05dc17b3a631b3bff95a5eec
sha256                      1  b79cdf929d4a340bdd5f29b3aeccd3c65e39540d4529b64e50ebeacd9cdee5e9
sha256                      1  443cd03b37fca8a5df1bbaa6320649b441ca50d1c1fcc4f5a7b94b95040c73d1
IPv4                       29  192.168.0.2
IPv4                      142  192.168.0.1
IPv4                        9  192.168.0.255
IPv4                        3  224.0.0.2
IPv4                        3  224.0.0.22
IPv4                        9  224.0.0.252
IPv4                       49  239.255.255.250
IPv4                       59  255.255.255.255
Pdb                         1  adobesysfnt09.pdb
Url                         2  http://admdownload.adobe.com
Url                         1  http://get.adobe.com/flashplayer/download
Url                         1  http://get.adobe.com/flashplayer/download/update
Url                         2  http://get.adobe.com/stats/abffcbebd/q
Url                         1  https://drive.google.com/uc?authuser=0&id=0b_llmikuoistm0r
Url                         1  https://docs.google.com/uc?authuser=0&id=0b_wy
Url                         1  https://script.google.com/macros/s/akfycbwf_vs5whqlhmi4eqoljetisjmgllbo
Url                         3  https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/.
Url                         4  https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf
Url                         1  https://otx.alienvault.com/indicator/hostname/ebay-global.publicvm.com
Url                         1  https://securelist.com/the-epic-turla-operation/65545/.
Url                         3  http://artemonsecurity.com/snake_whitepaper.pdf
Url                         1  https://www.welivesecurity.com/2017/09/21/new-finfisher-surveillance-campaigns/.
Url                         1  https://www.ripe.net/publications/news/industry-developments/youtube-hijacking-a-ripe-ncc-ris-case-study.
Url                         1  https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/.
Url                         2  https://www.gdatasoftware.com/blog/2014/10/23941-com-object-hijacking-the-discreet-way-of-persistence.
Url                         1  https://technet.microsoft.com/en-us/library/dn745900(v=ws.11).aspx#sec_helpassistant
Url                         1  https://en.wikipedia.org/wiki/blum_blum_shub.
Url                         1  https://script.google.com/macros/s/akfycbxxppygp3z5wgwbs
Url                         1  https://script.google.com/macros/s/akfycbwf_vs5whqlh
Url                         1  http://get.adobe.com/stats/abffcbebd/?q=
Url                         1  http://get.adobe.com/flashplayer/download/update/x32
Url                         1  http://get.adobe.com/flashplayer/download/update/x64
Url                         1  https://drive.google.com/uc?authuser=0&id=0b_llmikuoisteetraejym0qxqve&export=download
Url                         1  https://drive.google.com/uc?authuser=0&id=0b_llmikuoistm0rrekvebnffaxc&export=download
Url                         3  http://get.adobe.com/flashplayer
Windows Registry Key        1  HKCU\Software\Run\auto_update
Windows Registry Key        6  HKCR\CLSID
Windows Registry Key        1  HKCU\Software\Microsoft\Windows\OneDriveUpdate
Windows Registry Key       31  HKCU\Software\Microsoft\Windows
Windows Registry Key       26  HKCU\Software\Microsoft
Windows Registry Key       41  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run