Turla - Threat hunting with hints of incident response
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 65e77874-8df2-40b1-a87d-1d21849810d0 |
| Fingerprint | b2018dc38fb3dfc0 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 19, 2023, 4:51 a.m. |
| Added to db | Nov. 8, 2023, 11:57 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Turla |
| Title | Turla - Threat hunting with hints of incident response |
| Detected Hints/Tags/Attributes | 143/3/64 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 252 | ✔ | | Threat hunting with hints of incident response | https://threathunt.blog/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 11 | govcert.ch |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 5 | exatrack.com |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 18 | www.cfr.org |
|
| Details | Domain | 11 | www.latimes.com |
|
| Details | Domain | 1 | paper.bobylive.com |
|
| Details | Domain | 122 | www.kaspersky.com |
|
| Details | Domain | 1 | dmfrsecurity.com |
|
| Details | Domain | 7 | phrack.org |
|
| Details | Domain | 9 | blog.threatexpert.com |
|
| Details | Domain | 3 | www.govcert.ch |
|
| Details | Domain | 7 | www.telsy.com |
|
| Details | Domain | 12 | yle.fi |
|
| Details | Domain | 17 | cyberscoop.com |
|
| Details | Domain | 53 | blogs.blackberry.com |
|
| Details | Domain | 57 | www.theregister.com |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 73 | techcrunch.com |
|
| Details | File | 243 | autorun.inf |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 459 | regsvr32.exe |
|
| Details | File | 2 | tricephalic_hellkeeper.pdf |
|
| Details | File | 5 | eset_turla_comrat.pdf |
|
| Details | File | 1 | la-xpm-2008-nov-28-na-cyberattack28-story.html |
|
| Details | File | 2 | a_threat_actor_encyclopedia.pdf |
|
| Details | File | 5 | 6.html |
|
| Details | File | 5 | agentbtz-threat-that-hit-pentagon.html |
|
| Details | File | 2 | gdata_uroburos_redpaper_en_v1.pdf |
|
| Details | File | 1 | report_ruag-espionage-case.pdf |
|
| Details | Url | 1 | https://www.industrialcybersecuritypulse.com/threats-vulnerabilities/throwback-attack-russian-apt-group-turla-has-hit-45-countries-since-2004 |
|
| Details | Url | 6 | https://attack.mitre.org/groups/g0010 |
|
| Details | Url | 5 | https://securelist.com/the-epic-turla-operation/65545 |
|
| Details | Url | 2 | https://exatrack.com/public/tricephalic_hellkeeper.pdf |
|
| Details | Url | 1 | https://www.welivesecurity.com/wp-content/uploads/2020/05/eset_turla_comrat.pdf |
|
| Details | Url | 1 | https://www.cfr.org/cyber-operations/agentbtz |
|
| Details | Url | 1 | https://www.latimes.com/archives/la-xpm-2008-nov-28-na-cyberattack28-story.html |
|
| Details | Url | 1 | https://paper.bobylive.com/security/apt_report/a_threat_actor_encyclopedia.pdf |
|
| Details | Url | 3 | https://www.kaspersky.com/blog/moonlight-maze-the-lessons/6713 |
|
| Details | Url | 1 | https://dmfrsecurity.com/2022/01/15/100-days-of-yara-day-27-loki2 |
|
| Details | Url | 1 | http://phrack.org/issues/49/6.html |
|
| Details | Url | 2 | http://phrack.org/issues/51/6.html |
|
| Details | Url | 1 | https://securelist.com/penquins-moonlit-maze/77883 |
|
| Details | Url | 1 | https://securelist.com/agent-btz-a-source-of-inspiration/58551 |
|
| Details | Url | 5 | http://blog.threatexpert.com/2008/11/agentbtz-threat-that-hit-pentagon.html |
|
| Details | Url | 1 | https://www.mtvuutiset.fi/artikkeli/mtv3-suomen-ulkoministerio-laajan-verkkovakoilun-kohteena-vuosia/2369718 |
|
| Details | Url | 3 | https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081 |
|
| Details | Url | 1 | https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2014/08/20082353/gdata_uroburos_redpaper_en_v1.pdf |
|
| Details | Url | 1 | https://www.govcert.ch/downloads/whitepapers/report_ruag-espionage-case.pdf |
|
| Details | Url | 1 | https://www.telsy.com/following-the-turlas-skipper-over-the-ocean-of-cyber-operations |
|
| Details | Url | 1 | https://yle.fi/a/3-8591548 |
|
| Details | Url | 2 | https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor |
|
| Details | Url | 1 | https://cyberscoop.com/gazer-backdoor-turla-eset-2017 |
|
| Details | Url | 1 | https://blogs.blackberry.com/en/2017/06/this-week-in-security-6-09-2017 |
|
| Details | Url | 1 | https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack |
|
| Details | Url | 3 | https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools |
|
| Details | Url | 4 | https://www.welivesecurity.com/2019/05/29/turla-powershell-usage |
|
| Details | Url | 1 | https://www.theregister.com/2019/10/21/british_spies_russia_faking_iranian_hack |
|
| Details | Url | 4 | https://www.mandiant.com/resources/blog/turla-galaxy-opportunity |
|
| Details | Url | 1 | https://techcrunch.com/2023/05/10/turla-snake-malware-network-russia-fsb |
|
| Details | Url | 1 | https://securelist.com/sunburst-backdoor-kazuar/99981 |