Examining the Activities of the Turla APT Group
Tags
cmtmf-attack-pattern: Application Layer Protocol; Automated Exfiltration; Boot Or Logon Autostart Execution; Command And Scripting Interpreter; Event Triggered Execution; Masquerading; Obfuscated Files Or Information; Phishing For Information; Process Injection; Scheduled Task/Job
country: Iran; Russia; Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern: Data Application Layer Protocol - T1437; Archive Collected Data - T1560; Archive Collected Data - T1532; Archive Via Utility - T1560.001; Bidirectional Communication - T1102.002; Bidirectional Communication - T1481.002; Boot Or Logon Autostart Execution - T1547; Command And Scripting Interpreter - T1623; Dll Search Order Hijacking - T1574.001; Drive-By Compromise - T1456; Encrypted Channel - T1521; Encrypted Channel - T1573; Event Triggered Execution - T1624; Event Triggered Execution - T1546; Exfiltration Over Alternative Protocol - T1639; Exfiltration Over C2 Channel - T1646; Exfiltration Over Web Service - T1567; Exfiltration To Cloud Storage - T1567.002; Exploits - T1587.004; Exploits - T1588.005; File And Directory Discovery - T1420; Gather Victim Host Information - T1592; Gather Victim Network Information - T1590; Hijack Execution Flow - T1625; Hijack Execution Flow - T1574; Ingress Tool Transfer - T1544; Ip Addresses - T1590.005; Javascript - T1059.007; Local Accounts - T1078.003; Local Data Staging - T1074.001; System Network Configuration Discovery - T1422; Malicious File - T1204.002; Malware - T1587.001; Malware - T1588.001; Masquerade Task Or Service - T1036.004; Masquerading - T1655; Obfuscated Files Or Information - T1406; Process Discovery - T1424; System Information Discovery - T1426; Non-Standard Port - T1509; Non-Standard Port - T1571; Phishing - T1660; Phishing - T1566; Phishing For Information - T1598; Powershell - T1059.001; Process Injection - T1631; Scheduled Task - T1053.005; Scheduled Task/Job - T1603; Server - T1583.004; Server - T1584.004; Shortcut Modification - T1547.009; Software - T1592.002; Spearphishing Link - T1566.002; Spearphishing Link - T1598.003; Web Protocols - T1071.001; Web Protocols - T1437.001; Web Service - T1481; Tool - T1588.002; Vulnerabilities - T1588.006; Account Discovery - T1087; Standard Application Layer Protocol - T1071; Application Window Discovery - T1010; Automated Collection - T1119; Automated Exfiltration - T1020; Command-Line Interface - T1059; Data From Information Repositories - T1213; Data From Removable Media - T1025; Data Staged - T1074; Dll Search Order Hijacking - T1038; Drive-By Compromise - T1189; Exfiltration Over Alternative Protocol - T1048; Exfiltration Over Command And Control Channel - T1041; Fallback Channels - T1008; File And Directory Discovery - T1083; Remote File Copy - T1105; Masquerading - T1036; Modify Registry - T1112; Network Share Discovery - T1135; Obfuscated Files Or Information - T1027; Peripheral Device Discovery - T1120; Permission Groups Discovery - T1069; Powershell - T1086; Process Discovery - T1057; Process Injection - T1055; Rootkit - T1014; Scheduled Task - T1053; Shortcut Modification - T1023; Spearphishing Link - T1192; System Information Discovery - T1082; System Network Configuration Discovery - T1016; System Owner/User Discovery - T1033; Windows Management Instrumentation - T1047; Valid Accounts - T1078; Web Service - T1102; User Execution - T1204; Automated Collection; Data From Information Repositories; Drive-By Compromise; Masquerading; Rootkit; Valid Accounts; User Execution
Common Information
Type Value
UUID 6ec49ef2-aafc-41f9-af39-c6157be52586
Fingerprint f18419f307bded40
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 22, 2023, midnight
Added to db Oct. 15, 2024, 10:03 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Examining the Activities of the Turla APT Group
Title Examining the Activities of the Turla APT Group
Detected Hints/Tags/Attributes 213/4/57
Attributes
Type                      #Events  Value
MITRE ATT&CK Techniques   627      T1027
MITRE ATT&CK Techniques   65       T1069
MITRE ATT&CK Techniques   230      T1033
MITRE ATT&CK Techniques   585      T1083
MITRE ATT&CK Techniques   433      T1057
MITRE ATT&CK Techniques   1006     T1082
MITRE ATT&CK Techniques   444      T1071
MITRE ATT&CK Techniques   163      T1573
MITRE ATT&CK Techniques   115      T1571
MITRE ATT&CK Techniques   179      T1087
MITRE ATT&CK Techniques   188      T1120
MITRE ATT&CK Techniques   176      T1135
MITRE ATT&CK Techniques   56       T1213
MITRE ATT&CK Techniques   149      T1102
MITRE ATT&CK Techniques   92       T1048
MITRE ATT&CK Techniques   43       T1078.003
MITRE ATT&CK Techniques   275      T1053.005
MITRE ATT&CK Techniques   70       T1574.001
MITRE ATT&CK Techniques   57       T1036.004
MITRE ATT&CK Techniques   34       T1025
MITRE ATT&CK Techniques   49       T1074.001
MITRE ATT&CK Techniques   111      T1119
MITRE ATT&CK Techniques   41       T1008
MITRE ATT&CK Techniques   442      T1071.001
MITRE ATT&CK Techniques   33       T1102.002
MITRE ATT&CK Techniques   102      T1020
MITRE ATT&CK Techniques   100      T1567.002
MITRE ATT&CK Techniques   16       T1592.002
MITRE ATT&CK Techniques   14       T1590.005
MITRE ATT&CK Techniques   12       T1598.003
MITRE ATT&CK Techniques   492      T1105
MITRE ATT&CK Techniques   126      T1567
MITRE ATT&CK Techniques   43       T1546
MITRE ATT&CK Techniques   422      T1041
MITRE ATT&CK Techniques   695      T1059
MITRE ATT&CK Techniques   440      T1055
MITRE ATT&CK Techniques   550      T1112
MITRE ATT&CK Techniques   245      T1016
CVE                       13       cve-2013-5065
CVE                       10       cve-2013-3346
CVE                       41       cve-2012-1723
Domain                    285      microsoft.net
File                      5        ndproxy.sys
File                      2126     cmd.exe
File                      1208     powershell.exe
File                      4        w64time.dll
File                      6        w32time.dll
MITRE ATT&CK Techniques   183      T1189
MITRE ATT&CK Techniques   409      T1566
MITRE ATT&CK Techniques   365      T1204.002
MITRE ATT&CK Techniques   310      T1047
MITRE ATT&CK Techniques   30       T1547.009
MITRE ATT&CK Techniques   75       T1010
MITRE ATT&CK Techniques   420      T1204
MITRE ATT&CK Techniques   3        T0003
MITRE ATT&CK Techniques   480      T1053
MITRE ATT&CK Techniques   6        T0007