FROM AGENT.BTZ TO COMRAT V4
Image Description
Common Information
Type Value
UUID 69d897eb-af0e-4cf6-8288-e4273a613dec
Fingerprint 34b5317d04338f5d954a645e678edda2c8e39d5ad008d9e873c57bf9dbe64151
Analysis status DONE
Considered CTI value 2
Text language
Published May 21, 2020, 7:48 p.m.
Added to db March 10, 2024, 7:11 a.m.
Last updated Aug. 31, 2024, 2:21 a.m.
Headline FROM AGENT.BTZ TO COMRAT V4
Title FROM AGENT.BTZ TO COMRAT V4
Detected Hints/Tags/Attributes 195/4/132
Attributes
Type                      #Events  Value
MITRE ATT&CK Techniques   444      T1071
MITRE ATT&CK Techniques   149      T1102
MITRE ATT&CK Techniques   24       T1002
MITRE ATT&CK Techniques   28       T1022
MITRE ATT&CK Techniques   92       T1048
MITRE ATT&CK Techniques   41       T1086
MITRE ATT&CK Techniques   480      T1053
MITRE ATT&CK Techniques   627      T1027
MITRE ATT&CK Techniques   440      T1055
MITRE ATT&CK Techniques   550      T1112
MITRE ATT&CK Techniques   245      T1016
MITRE ATT&CK Techniques   230      T1033
MITRE ATT&CK Techniques   65       T1069
MITRE ATT&CK Techniques   1006     T1082
MITRE ATT&CK Techniques   585      T1083
MITRE ATT&CK Techniques   179      T1087
MITRE ATT&CK Techniques   188      T1120
MITRE ATT&CK Techniques   176      T1135
MITRE ATT&CK Techniques   56       T1213
MITRE ATT&CK Techniques   22       T1024
MITRE ATT&CK Techniques   60       T1043