SYMBOLCOMMON_NAMEaka. SYNONYMS

Turla  (Back to overview)

aka: ATK13, Blue Python, G0010, Group 88, Hippo Team, IRON HUNTER, ITG12, KRYPTON, MAKERSMARK, Pacifier APT, Pfinet, Popeye, SIG23, SUMMIT, Secret Blizzard, Snake, TAG_0530, UAC-0003, UAC-0024, UAC-0144, UNC4210, Uroburos, VENOMOUS Bear, WRAITH, Waterbug

A 2014 Guardian article described Turla as: 'Dubbed the Turla hackers, initial intelligence had indicated western powers were key targets, but it was later determined embassies for Eastern Bloc nations were of more interest. Embassies in Belgium, Ukraine, China, Jordan, Greece, Kazakhstan, Armenia, Poland, and Germany were all attacked, though researchers from Kaspersky Lab and Symantec could not confirm which countries were the true targets. In one case from May 2012, the office of the prime minister of a former Soviet Union member country was infected, leading to 60 further computers being affected, Symantec researchers said. There were some other victims, including the ministry for health of a Western European country, the ministry for education of a Central American country, a state electricity provider in the Middle East and a medical organisation in the US, according to Symantec. It is believed the group was also responsible for a much - documented 2008 attack on the US Central Command. The attackers - who continue to operate - have ostensibly sought to carry out surveillance on targets and pilfer data, though their use of encryption across their networks has made it difficult to ascertain exactly what the hackers took.Kaspersky Lab, however, picked up a number of the attackers searches through their victims emails, which included terms such as Nato and EU energy dialogue Though attribution is difficult to substantiate, Russia has previously been suspected of carrying out the attacks and Symantecs Gavin O’ Gorman told the Guardian a number of the hackers appeared to be using Russian names and language in their notes for their malicious code. Cyrillic was also seen in use.'


Associated Families
apk.cyber_azov asp.unidentified_001 elf.penquin_turla js.kopiluwak js.minijs js.turla_ff_ext js.turla_maintools osx.uroburos win.agent_btz win.cobra win.comlook win.crutch win.delivery_check win.gazer win.kazuar win.ksl0t win.lightneuron win.lunarmail win.mosquito win.nautilus win.netflash win.neuron win.newpass win.outlook_backdoor win.powershellrunner win.quietcanary win.satellite_turla win.skipper win.tiny_turla win.tinyturla_ng win.turla_rpc win.turla_silentmoon win.uroburos win.wipbot win.pelmeni

References
2024-05-20cybleCyble
Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection
TinyTurlaNG
2024-05-15ESET ResearchFilip Jurčacko
To the Moon and back(doors): Lunar landing in diplomatic missions
LunarMail
2024-05-14YouTube (botconf eu)Yassir Laaouissi
Panni pelmeni: Turla loves dumplings
Pelmeni
2024-04-18EchoCTIBilal BAKARTEPE, bixploit
Turla APT Analysis with TinyTurla-NG
TinyTurlaNG
2024-02-19Lab52Lab52
Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)
Pelmeni
2024-02-15Cisco TalosArnaud Zobec, Asheer Malhotra, Holger Unterbrink, Vitor Ventura
TinyTurla Next Generation - Turla APT spies on Polish NGOs
TinyTurlaNG
2023-10-31Palo Alto Networks Unit 42Daniel Frank, Tom Fakterman
Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)
Kazuar
2023-09-28CIPState Service of Special Communication and Information Protection of Ukraine (CIP)
Russia's Cyber Tactics H1' 2023
APT29 Sandworm Turla XakNet Zarya
2023-09-22Sophos X-OpsSophos X-Ops
Mastodon Thread on observed activity involving TinyTurla
TinyTurla
2023-08-30Kaspersky LabsDavid Emm
IT threat evolution in Q2 2023
3CX Backdoor Bankshot BLINDINGCAN GoldMax Kazuar QUIETCANARY tomiris GoldenJackal
2023-07-26cocomelonccocomelonc
Malware development trick - part 35: Store payload in alternate data streams. Simple C++ example.
Valak POWERSOURCE Gazer PowerDuke
2023-07-19Twitter (@MsftSecIntel)Microsoft Threat Intelligence
Tweet on targeted attacks against the defense sector in Ukraine and Eastern Europe by the threat actor Secret Blizzard
DeliveryCheck Kazuar
2023-07-18Cert-UACert-UA
Targeted Turla attacks (UAC-0024, UAC-0003) using CAPIBAR and KAZUAR malware (CERT-UA#6981)
DeliveryCheck Kazuar
2023-05-09CISACISA
Hunting Russian Intelligence “Snake” Malware
Agent.BTZ Cobra Carbon System Uroburos
2023-04-24Kaspersky LabsIvan Kwiatkowski, Pierre Delcher
Tomiris called, they want their Turla malware back
KopiLuwak Andromeda Ave Maria GoldMax JLORAT Kazuar Meterpreter QUIETCANARY RATel Roopy Telemiris tomiris Topinambour Tomiris
2023-02-16GoogleShane Huntley
Fog of war: how the Ukraine conflict transformed the cyber threat landscape
APT28 Ghostwriter SaintBear Sandworm Turla
2023-02-15GoogleGoogle Threat Analysis Group, Mandiant
Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape
CaddyWiper Dharma HermeticWiper INDUSTROYER2 PartyTicket WhisperGate Callisto Curious Gorge MUSTANG PANDA Turla
2023-01-05MandiantEduardo Mattos, Gabby Roncone, John Wolfram, Sarah Hawley, Tyler McLellan
Turla: A Galaxy of Opportunity
KopiLuwak Andromeda QUIETCANARY
2022-09-20cocomelonc
Malware development: persistence - part 11. Powershell profile. Simple C++ example.
Turla RAT TurlaRPC
2022-08-01Twitter (@sekoia_io)sekoia
Tweet on Turla's CyberAzov activity
CyberAzov
2022-07-19GoogleBilly Leonard
Continued cyber activity in Eastern Europe observed by TAG
CyberAzov APT28 Callisto Ghostwriter Sandworm Turla
2022-07-19GoogleBilly Leonard
Continued cyber activity in Eastern Europe observed by TAG
CyberAzov
2022-06-12cocomelonc
Malware development: persistence - part 7. Winlogon. Simple C++ example.
BazarBackdoor Gazer TurlaRPC Turla SilentMoon
2022-05-11ExaTrackTristan Pourcelot
Tricephalic Hellkeeper: a tale of a passive backdoor
BPFDoor Bvp47 Uroburos
2022-05-02cocomelonccocomelonc
Malware development: persistence - part 3. COM DLL hijack. Simple C++ example
Agent.BTZ Ave Maria Konni Mosquito TurlaRPC
2022-04-26cocomelonccocomelonc
Malware development: persistence - part 2. Screensaver hijack. C++ example.
Gazer
2022-03-28Cyber Geeks (CyberMasterV)Vlad Pasca
A Step-by-Step Analysis of the Russian APT Turla Backdoor called TinyTurla
TinyTurla
2022-02-28Lab52Jagaimo Kawaii
Looking for Penquins in the Wild
Penquin Turla
2022-01-25Möbius Strip Reverse EngineeringRolf Rolles
An Exhaustively Analyzed IDB for ComLook
ComLook
2022-01-20Twitter (@ClearskySec)ClearSky Cybersecurity
Tweet on ComLook backdoor used by Turla
ComLook
2021-12-01ESET ResearchAlexis Dorais-Joncas, Facundo Muñoz
Jumping the air gap: 15 years of nation‑state effort
Agent.BTZ Fanny Flame Gauss PlugX Ramsay Retro Stuxnet USBCulprit USBferry
2021-11-05Emanuele De Lucia on SecurityEmanuele De Lucia
The BigBoss Rules: Something about one of the Uroburos’ RPC-based backdoors
Turla SilentMoon
2021-09-27Medium ryancorRyan Cornateanu
Deobfuscating PowerShell Malware Droppers
Agent.BTZ
2021-09-21Talos IntelligenceTalos
TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines
TinyTurla
2021-06-12YouTube (BSidesBoulder)Kaspersky, Kurt Baumgartner
Same and Different - sesame street level attribution
Kazuar SUNBURST
2021-04-29ESET ResearchAndy Garth, Daniel Chromek, Matthieu Faou, Robert Lipovsky, Tony Anscombe
ESET Industry Report on Government: Targeted but not alone
Exaramel Crutch Exaramel HyperBro HyperSSL InvisiMole XDSpy
2021-04-27KasperskyGReAT
APT trends report Q1 2021
PAS Artra Downloader BadNews Bozok DILLJUICE Kazuar Quasar RAT SodaMaster
2021-02-28PWC UKPWC UK
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team
2021-02-19Palo Alto Networks Unit 42Dominik Reichel
IronNetInjector: Turla’s New Malware Loading Tool
Agent.BTZ IronNetInjector TurlaRPC
2021-02-16US Department of DefenseUS Department of Defense
The creation of the 2020 ComRATv4 illustration
Agent.BTZ
2021-01-11Kaspersky LabsCostin Raiu, Georgy Kucherin, Igor Kuznetsov
Sunburst backdoor – code overlaps with Kazuar
Kazuar SUNBURST
2020-12-21IronNetAdam Hlavek, Kimberly Ortiz
Russian cyber attack campaigns and actors
WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess
2020-12-21IntezerIntezer
Top Linux Cloud Threats of 2020
AgeLocker AnchorDNS Blackrota Cloud Snooper Dacls Doki FritzFrog IPStorm Kaiji Kinsing NOTROBIN Penquin Turla PLEAD Prometei RansomEXX Stantinko TeamTNT TSCookie WellMail elf.wellmess TeamTNT
2020-12-02ESET ResearchMatthieu Faou
Turla Crutch: Keeping the “back door” open
Crutch Gazer Turla
2020-10-29US-CERTUS-CERT
Malware Analysis Report (AR20-303A): PowerShell Script: ComRAT
Agent.BTZ
2020-10-28AccentureCyber Defense
Turla uses HyperStack, Carbon, and Kazuar to compromise government entity
Cobra Carbon System Kazuar TurlaRPC Turla SilentMoon
2020-09-25Github (sisoma2)Marc
Turla Carbon System
Cobra Carbon System
2020-09-11Twitter (@Arkbird_SOLG)Arkbird
Tweet on discovery of a sample
Turla SilentMoon
2020-09-10Kaspersky LabsGReAT
An overview of targeted attacks and APTs on Linux
Cloud Snooper Dacls DoubleFantasy MESSAGETAP Penquin Turla Tsunami elf.wellmess X-Agent
2020-09-01Möbius Strip Reverse EngineeringRolf Rolles
An Exhaustively-Analyzed IDB for ComRAT v4
Agent.BTZ
2020-07-29ESET Researchwelivesecurity
THREAT REPORT Q2 2020
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor
2020-07-29Kaspersky LabsGReAT
APT trends report Q2 2020
PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel
2020-07-21YouTube ( OPCDE with Matt Suiche)Mohamad Mokbel
vOPCDE #9 - A Journey into Malware HTTP Communication Channels Spectacles (Mohamad Mokbel)
Alureon Aytoke Cobra Carbon System CROSSWALK danbot ProtonBot Silence
2020-07-14TelsyTelsy
Turla / Venomous Bear updates its arsenal: “NewPass” appears on the APT threat scene
NewPass Turla
2020-06-09Kaspersky LabsCostin Raiu
Looking at Big Threats Using Code Similarity. Part 1
Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel
2020-06-07Youtube (OPCDE)Antonio Villani, Silvio La Porta
The Penquin is in da house
Penquin Turla
2020-05-28EpicTurlaJuan Andrés Guerrero-Saade
SysInTURLA
Kazuar
2020-05-26ESET ResearchMatthieu Faou
From Agent.BTZ to ComRAT v4: A ten‑year journey
Agent.BTZ
2020-05-26ESET ResearchMatthieu Faou
From Agent.BTZ to ComRAT v4: A ten‑year journey (White Paper)
Agent.BTZ
2020-05-21PICUS SecuritySüleyman Özarslan
T1055 Process Injection
BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE
2020-05-14LeonardoLeonardo’s Cyber Security division
Malware Technical Insight Turla "Penquin_x64"
Penquin Turla
2020-04-07BlackberryBlackberry Research
Decade of the RATS: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android
Penquin Turla XOR DDoS ZXShell
2020-03-12Recorded FutureInsikt Group
Swallowing the Snake’s Tail: Tracking Turla Infrastructure
TwoFace Mosquito
2020-03-12ESET ResearchMatthieu Faou
Tracking Turla: New backdoor delivered via Armenian watering holes
LightNeuron Mosquito NetFlash Skipper
2020-03-12Recorded FutureInsikt Group
Swallowing the Snake’s Tail: Tracking Turla Infrastructure
Mosquito Sinowal
2020-03-04CrowdStrikeCrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER
2020-03-03PWC UKPWC UK
Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle
2020-02-13QianxinQi Anxin Threat Intelligence Center
APT Report 2019
Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy
2020-01-01SecureworksSecureWorks
IRON HUNTER
Agent.BTZ Cobra Carbon System LightNeuron Mosquito Nautilus Neuron Skipper Uroburos Turla
2019-10-21NCSC UKNCSC UK
Advisory: Turla group exploits Iranian APT to expand coverage of victims
Nautilus Neuron
2019-08-12Kindred SecurityKindred Security
An Overview of Public Platform C2’s
HTML5 Encoding LOWBALL Makadocs MiniDuke RogueRobinNET RokRAT
2019-07-26Github (eset)ESET Research
Turla Indicators of Compromise
Gazer
2019-07-080ffset Blog0verfl0w_
Analyzing KSL0T (Turla’s Keylogger), Part 2 – Reupload
KSL0T
2019-07-080ffset Blog0verfl0w_
Analyzing KSL0T (Turla’s Keylogger), Part 1 – Reupload
KSL0T
2019-06-20SymantecSymantec DeepSight Adversary Intelligence Team, Symantec Network Protection Security Labs
Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments
LightNeuron
2019-05-29ESET ResearchMatthieu Faou, Romain Dumont
A dive into Turla PowerShell usage
PowerShellRunner TurlaRPC
2019-05-19TelsyWebmaster
Following the Turla’s Skipper over the ocean of cyber operations
Skipper
2019-05-07ESET ResearchMatthieu Faou
Turla LightNeuron: An email too far
LightNeuron
2019-05-01ESET ResearchMatthieu Faou
TURLA LIGHTNEURON: One email away from remote code execution
LightNeuron
2019-04-19Github (hfiref0x)hfiref0x
TDL (Turla Driver Loader) Repository
Cobra Carbon System
2019-04-13GitHubVitali Kremez
Decoded Turla Powershell Implant
PowerShellRunner
2019-01-17Twitter (@VK_intel)Vitali Kremez
Tweet on Turla Outlook Backdoor
Outlook Backdoor
2019-01-01MITREMITRE ATT&CK
Group description: Turla
Turla
2019-01-01Council on Foreign RelationsCyber Operations Tracker
Turla
Turla
2018-11-22nccgroupMatt Lewis
Turla PNG Dropper is back
Uroburos Turla
2018-11-22nccgroupBen Humphrey
Turla PNG Dropper is back
Uroburos Turla
2018-10-05_
Post 0x17.2: Analyzing Turla’s Keylogger
KSL0T
2018-10-04Kaspersky LabsGReAT
Shedding Skin – Turla’s Fresh Faces
KopiLuwak Agent.BTZ Cobra Carbon System Gazer Meterpreter Mosquito Skipper
2018-09-10Youtube ( Monnappa K A)Monnappa K A
turla gazer backdoor code injection & winlogon shell persistence
Gazer
2018-08-22Bleeping ComputerIonut Ilascu
Turla Outlook Backdoor Uses Clever Tactics for Stealth and Persistence
Turla
2018-08-22ESET ResearchESET researchers
Turla Outlook Backdoor
Outlook Backdoor
2018-07-10Kaspersky LabsGReAT
APT Trends Report Q2 2018
LightNeuron PoorWeb
2018-05-22ESET ResearchESET Research
Turla Mosquito: A shift towards more generic tools
Mosquito Turla
2018-03-01CrySyS LabBoldizsar Bencsath
Territorial Dispute – NSA’s perspective on APT landscape
9002 RAT Agent.BTZ DuQu EYService Flame FlowerShop Stuxnet Uroburos
2018-03-01Kaspersky LabsCostin Raiu, Daniel Moore, Juan Andrés Guerrero-Saade, Thomas Rid
Penquin's Moonlit Maze
Penquin Turla
2018-02-09ExaTrackStéfan Le Berre
Hey Uroburos! What's up ?
Uroburos
2018-01-22ZDNetDanny Palmer
This hacking gang just updated the malware it uses against UK targets
Turla
2018-01-17NCSC UKNCSC UK
Turla group malware
Nautilus Neuron
2018-01-01ESET ResearchEset
Diplomats in Eastern Europe bitten by a Turla mosquito
Mosquito
2017-12-24Twitter (@juanandres_gs)Juan Andrés Guerrero-Saade
Tweet on Turla Penquin
Penquin Turla
2017-10-05Angel Alonso-Parrizas
Analysis of a malicious DOC used by Turla APT group; hunting persistence via PowerShell
KopiLuwak
2017-10-04Twitter (@JohnLaTwC)John Lambert
Tweet on Turla JS backdoor
Maintools.js
2017-09-13IntezerOmri Ben Bassat
New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 2/2
Agent.BTZ
2017-08-30Kaspersky LabsGReAT
Introducing WhiteBear
Gazer Turla White Bear
2017-08-30ESET ResearchGraham Cluley
New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies
Gazer
2017-08-21Trend MicroTrend Micro
Cyberespionage Group Turla Deploys Backdoor Ahead of G20 Task Force Summit
Turla
2017-08-18vmwareJared Myers
Threat Analysis: Carbon Black Threat Research Dissects PNG Dropper
Uroburos
2017-08-17ProofpointDarien Huss
Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack
KopiLuwak
2017-08-09CSECSE Canada
Hackers are Humans too
Satellite Turla
2017-08-07IntezerOmri Ben Bassat
New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 1/2
Agent.BTZ
2017-08-01ESET ResearchGazing at Gazer, Turla’s new second stage backdoor
Gazing at Gazer Turla’s new second stage backdoor
Turla
2017-06-07engadgetMallory Locklear
Russian malware link hid in a comment on Britney Spears' Instagram
Turla
2017-06-06ESET ResearchJean-Ian Boutin
Turla’s watering hole campaign: An updated Firefox extension abusing Instagram
HTML5 Encoding Skipper
2017-05-05MalwarebytesThomas Reed
Snake malware ported from Windows to Mac
Uroburos
2017-05-03Fox-ITJelle Vergeer, Krijn de Mik, Maarten van Dantzig, Mitchel Sahertian, Yun Zheng Hu
Snake: Coming soon in Mac OS X flavour
Uroburos
2017-05-03Palo Alto Networks Unit 42Brandon Levene, Robert Falcone, Tyler Halfpop
Kazuar: Multiplatform Espionage Backdoor with API Access
Kazuar
2017-05-03Palo Alto Networks Unit 42Brandon Levene, Robert Falcone, Tyler Halfpop
Kazuar: Multiplatform Espionage Backdoor with API Access
Turla
2017-04-03Kaspersky LabsNikolay Pankov
Moonlight Maze: Lessons from history
Turla
2017-04-03Kaspersky LabsCostin Raiu, Daniel Moore, Juan Andrés Guerrero-Saade, Thomas Rid
Moonlight Maze Technical Report (Appendix B)
Penquin Turla
2017-04-03Kaspersky LabsCostin Raiu, Daniel Moore, Juan Andrés Guerrero-Saade, Thomas Rid
Penquin’s Moonlit Maze
Penquin Turla
2017-03-30ESET ResearchESET Research
Carbon Paper: Peering into Turla’s second stage backdoor
Cobra Carbon System Turla
2017-02-02Kaspersky LabsBrian Bartholomew
KopiLuwak: A New JavaScript Payload from Turla
KopiLuwak
2016-09-07Virus BulletinBrian Bartholomew, Juan Andrés Guerrero-Saade
Wave Your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks
DuQu JripBot Sinowal Stuxnet Wipbot
2016-06-30BitdefenderBitdefender
Pacifier APT
Gazer Turla
2016-06-30BitdefenderBitdefender
Pacifier APT
Skipper
2016-05-23Reporting and Analysis Centre for Information Assurance MELANISpecialist Staff
Technical Report about the Malware used in the Cyberespionage against RUAG
Turla
2016-05-23MELANI GovCERTGovCERT.ch
APT Case RUAG - Technical Report
Cobra Carbon System
2016-01-14SymantecSecurity Response
The Waterbug attack group
Agent.BTZ Wipbot
2016-01-14SymantecSecurity Response
The Waterbug attack group
Agent.BTZ Cobra Carbon System Wipbot Turla
2016-01-13Yie
Russian group behind 2013 Foreign Ministry hack
Turla
2015-11-01FireEyeFireEye
PINPOINTING TARGETS: Exploiting Web Analytics to Ensnare Victims
witchcoven Turla
2015-09-09Kaspersky LabsStefan Tanase
Satellite Turla: APT Command and Control in the Sky
Turla
2015-09-09Kaspersky LabsStefan Tanase
Satellite Turla: APT Command and Control in the Sky
Satellite Turla Turla
2015-02-11FIRST TbilisiAndrzej Dereszowski
Turla-development & operations
Turla
2015-01-20G DataG Data
Analysis of Project Cobra
Cobra Carbon System
2015-01-15G DataG Data
Weiterentwicklung anspruchsvoller Spyware: von Agent.BTZ zu ComRAT
Agent.BTZ
2015-01-01BitdefenderAndrei Ardelean, Claudiu Cobliș, Cristian Istrate, Marius Tivadar
New Pacifier APT Components Point to Russian-Linked Turla Group
KopiLuwak Gazer Skipper
2014-12-09ThreatpostMichael Mimoso
Linux Modules Connected to Turla APT Discovered
Turla
2014-12-08Kaspersky LabsCostin Raiu, Kurt Baumgartner
The ‘Penquin’ Turla
Turla
2014-11-11G DataG Data
The Uroburos case: new sophisticated RAT identified
Agent.BTZ Uroburos
2014-08-07The GuardianTom Brewster
Sophisticated 'Turla' hackers spying on European governments, say researchers
Turla
2014-08-07Kaspersky LabsGReAT
The Epic Turla Operation
Turla
2014-08-07Kaspersky LabsGReAT
The Epic Turla Operation
Cobra Carbon System Uroburos Wipbot Turla
2014-06-02G DataG Data
Analysis of Uroburos, using WinDbg
Uroburos
2014-05-13G DataG Data
Uroburos rootkit: Belgian Foreign Ministry stricken
Uroburos
2014-03-17BAE SystemsBAE Systems Applied Intelligence
Snake Campaign & Espionage Toolkit
Agent.BTZ Uroburos
2014-03-12Blog (Artem Baranov)Andrzej Dereszowski, Matthieu Kaczmarek
Uroburos: the snake rootkit
Uroburos
2014-03-12Kaspersky LabsAlexander Gostev
Agent.btz: a Source of Inspiration?
Agent.BTZ
2014-03-07G DataG Data
Uroburos – Deeper travel into kernel protection mitigation
Uroburos
2014-02-28G Data BlogG Data
Uroburos - highly complex espionage software with Russian roots
Uroburos
2014-01-01circl.luCIRCL
TR-25 Analysis - Turla / Pfinet / Snake/ Uroburos
Cobra Carbon System Uroburos Turla
2010-08-25The New York TimesBrian Knowlton
Military Computer Attack Confirmed
Turla
2008-11-30ThreatExpertSergei Shevchenko
Agent.btz - A Threat That Hit Pentagon
Agent.BTZ

Credits: MISP Project