aka: Snake, VENOMOUS Bear, Group 88, Waterbug, WRAITH, Uroburos, Pfinet, TAG_0530, KRYPTON, Hippo Team, Pacifier APT, Popeye, SIG23, IRON HUNTER, MAKERSMARK, ATK13, G0010, ITG12, Blue Python, SUMMIT, UNC4210
A 2014 Guardian article described Turla as: 'Dubbed the Turla hackers, initial intelligence had indicated western powers were key targets, but it was later determined embassies for Eastern Bloc nations were of more interest. Embassies in Belgium, Ukraine, China, Jordan, Greece, Kazakhstan, Armenia, Poland, and Germany were all attacked, though researchers from Kaspersky Lab and Symantec could not confirm which countries were the true targets. In one case from May 2012, the office of the prime minister of a former Soviet Union member country was infected, leading to 60 further computers being affected, Symantec researchers said. There were some other victims, including the ministry for health of a Western European country, the ministry for education of a Central American country, a state electricity provider in the Middle East and a medical organisation in the US, according to Symantec. It is believed the group was also responsible for a much-documented 2008 attack on the US Central Command. The attackers - who continue to operate - have ostensibly sought to carry out surveillance on targets and pilfer data, though their use of encryption across their networks has made it difficult to ascertain exactly what the hackers took. Kaspersky Lab, however, picked up a number of the attackers' searches through their victims' emails, which included terms such as Nato and EU energy dialogue. Though attribution is difficult to substantiate, Russia has previously been suspected of carrying out the attacks and Symantec's Gavin O’Gorman told the Guardian a number of the hackers appeared to be using Russian names and language in their notes for their malicious code. Cyrillic was also seen in use.'
2023-07-26 ⋅ cocomelonc ⋅ cocomelonc @online{cocomelonc:20230726:malware:44a5642,
author = {cocomelonc},
title = {{Malware development trick - part 35: Store payload in alternate data streams. Simple C++ example.}},
date = {2023-07-26},
organization = {cocomelonc},
url = {https://cocomelonc.github.io/malware/2023/07/26/malware-tricks-35.html},
language = {English},
urldate = {2023-07-28}
}
Malware development trick - part 35: Store payload in alternate data streams. Simple C++ example. Valak POWERSOURCE Gazer PowerDuke |
2023-07-19 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Threat Intelligence @online{intelligence:20230719:targeted:a0e926e,
author = {Microsoft Threat Intelligence},
title = {{Tweet on targeted attacks against the defense sector in Ukraine and Eastern Europe by the threat actor Secret Blizzard}},
date = {2023-07-19},
organization = {Twitter (@MsftSecIntel)},
url = {https://twitter.com/msftsecintel/status/1681695399084539908},
language = {English},
urldate = {2023-07-20}
}
Tweet on targeted attacks against the defense sector in Ukraine and Eastern Europe by the threat actor Secret Blizzard DeliveryCheck Kazuar |
2023-07-18 ⋅ Cert-UA ⋅ Cert-UA @online{certua:20230718:targeted:514e9c6,
author = {Cert-UA},
title = {{Targeted Turla attacks (UAC-0024, UAC-0003) using CAPIBAR and KAZUAR malware (CERT-UA#6981)}},
date = {2023-07-18},
organization = {Cert-UA},
url = {https://cert.gov.ua/article/5213167},
language = {English},
urldate = {2023-07-20}
}
Targeted Turla attacks (UAC-0024, UAC-0003) using CAPIBAR and KAZUAR malware (CERT-UA#6981) DeliveryCheck Kazuar |
2023-05-09 ⋅ CISA ⋅ CISA @online{cisa:20230509:hunting:eee110d,
author = {CISA},
title = {{Hunting Russian Intelligence “Snake” Malware}},
date = {2023-05-09},
organization = {CISA},
url = {https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a},
language = {English},
urldate = {2023-05-10}
}
Hunting Russian Intelligence “Snake” Malware Agent.BTZ Cobra Carbon System Uroburos |
2023-04-24 ⋅ Kaspersky Labs ⋅ Pierre Delcher, Ivan Kwiatkowski @online{delcher:20230424:tomiris:2d65352,
author = {Pierre Delcher and Ivan Kwiatkowski},
title = {{Tomiris called, they want their Turla malware back}},
date = {2023-04-24},
organization = {Kaspersky Labs},
url = {https://securelist.com/tomiris-called-they-want-their-turla-malware-back/109552/},
language = {English},
urldate = {2023-04-26}
}
Tomiris called, they want their Turla malware back KopiLuwak Andromeda Ave Maria GoldMax JLORAT Kazuar Meterpreter QUIETCANARY RATel Roopy Telemiris tomiris Topinambour |
2023-02-16 ⋅ Google ⋅ Shane Huntley @online{huntley:20230216:fog:de676ba,
author = {Shane Huntley},
title = {{Fog of war: how the Ukraine conflict transformed the cyber threat landscape}},
date = {2023-02-16},
organization = {Google},
url = {https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/},
language = {English},
urldate = {2023-02-16}
}
Fog of war: how the Ukraine conflict transformed the cyber threat landscape APT28 Ghostwriter SaintBear Sandworm Turla |
2023-02-15 ⋅ Google ⋅ Google Threat Analysis Group, Mandiant @techreport{group:20230215:fog:0d99aaa,
author = {Google Threat Analysis Group and Mandiant},
title = {{Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape}},
date = {2023-02-15},
institution = {Google},
url = {https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf},
language = {English},
urldate = {2023-03-13}
}
Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape CaddyWiper Dharma HermeticWiper INDUSTROYER2 PartyTicket WhisperGate Callisto Curious Gorge MUSTANG PANDA Turla |
2023-01-05 ⋅ Mandiant ⋅ Sarah Hawley, Gabby Roncone, Tyler McLellan, Eduardo Mattos, John Wolfram @online{hawley:20230105:turla:f1d8f9b,
author = {Sarah Hawley and Gabby Roncone and Tyler McLellan and Eduardo Mattos and John Wolfram},
title = {{Turla: A Galaxy of Opportunity}},
date = {2023-01-05},
organization = {Mandiant},
url = {https://www.mandiant.com/resources/blog/turla-galaxy-opportunity},
language = {English},
urldate = {2023-01-05}
}
Turla: A Galaxy of Opportunity KopiLuwak Andromeda QUIETCANARY |
2022-09-20 ⋅ cocomelonc @online{cocomelonc:20220920:malware:c0e9c97,
author = {cocomelonc},
title = {{Malware development: persistence - part 11. Powershell profile. Simple C++ example.}},
date = {2022-09-20},
url = {https://cocomelonc.github.io/malware/2022/09/20/malware-pers-11.html},
language = {English},
urldate = {2022-10-19}
}
Malware development: persistence - part 11. Powershell profile. Simple C++ example. Turla RAT TurlaRPC |
2022-08-01 ⋅ Twitter (@sekoia_io) ⋅ sekoia @online{sekoia:20220801:turlas:ec60a74,
author = {sekoia},
title = {{Tweet on Turla's CyberAzov activity}},
date = {2022-08-01},
organization = {Twitter (@sekoia_io)},
url = {https://twitter.com/sekoia_io/status/1554086468104196096},
language = {English},
urldate = {2022-08-02}
}
Tweet on Turla's CyberAzov activity CyberAzov |
2022-07-19 ⋅ Google ⋅ Billy Leonard @online{leonard:20220719:continued:2a97da1,
author = {Billy Leonard},
title = {{Continued cyber activity in Eastern Europe observed by TAG}},
date = {2022-07-19},
organization = {Google},
url = {https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag},
language = {English},
urldate = {2022-08-05}
}
Continued cyber activity in Eastern Europe observed by TAG CyberAzov APT28 Callisto Ghostwriter Sandworm Turla |
2022-07-19 ⋅ Google ⋅ Billy Leonard @online{leonard:20220719:continued:e1dd77e,
author = {Billy Leonard},
title = {{Continued cyber activity in Eastern Europe observed by TAG}},
date = {2022-07-19},
organization = {Google},
url = {https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/},
language = {English},
urldate = {2022-07-25}
}
Continued cyber activity in Eastern Europe observed by TAG CyberAzov |
2022-06-12 ⋅ cocomelonc @online{cocomelonc:20220612:malware:e988236,
author = {cocomelonc},
title = {{Malware development: persistence - part 7. Winlogon. Simple C++ example.}},
date = {2022-06-12},
url = {https://cocomelonc.github.io/tutorial/2022/06/12/malware-pers-7.html},
language = {English},
urldate = {2022-12-01}
}
Malware development: persistence - part 7. Winlogon. Simple C++ example. BazarBackdoor Gazer TurlaRPC Turla SilentMoon |
2022-05-11 ⋅ ExaTrack ⋅ Tristan Pourcelot @techreport{pourcelot:20220511:tricephalic:d8d6265,
author = {Tristan Pourcelot},
title = {{Tricephalic Hellkeeper: a tale of a passive backdoor}},
date = {2022-05-11},
institution = {ExaTrack},
url = {https://exatrack.com/public/Tricephalic_Hellkeeper.pdf},
language = {English},
urldate = {2022-05-25}
}
Tricephalic Hellkeeper: a tale of a passive backdoor BPFDoor Bvp47 Uroburos |
2022-05-02 ⋅ cocomelonc ⋅ cocomelonc @online{cocomelonc:20220502:malware:4384b01,
author = {cocomelonc},
title = {{Malware development: persistence - part 3. COM DLL hijack. Simple C++ example}},
date = {2022-05-02},
organization = {cocomelonc},
url = {https://cocomelonc.github.io/tutorial/2022/05/02/malware-pers-3.html},
language = {English},
urldate = {2022-12-01}
}
Malware development: persistence - part 3. COM DLL hijack. Simple C++ example Agent.BTZ Ave Maria Konni Mosquito TurlaRPC |
2022-04-26 ⋅ cocomelonc ⋅ cocomelonc @online{cocomelonc:20220426:malware:a69279c,
author = {cocomelonc},
title = {{Malware development: persistence - part 2. Screensaver hijack. C++ example.}},
date = {2022-04-26},
organization = {cocomelonc},
url = {https://cocomelonc.github.io/tutorial/2022/04/26/malware-pers-2.html},
language = {English},
urldate = {2022-12-01}
}
Malware development: persistence - part 2. Screensaver hijack. C++ example. Gazer |
2022-03-28 ⋅ Cyber Geeks (CyberMasterV) ⋅ Vlad Pasca @online{pasca:20220328:stepbystep:7d92613,
author = {Vlad Pasca},
title = {{A Step-by-Step Analysis of the Russian APT Turla Backdoor called TinyTurla}},
date = {2022-03-28},
organization = {Cyber Geeks (CyberMasterV)},
url = {https://cybergeeks.tech/a-step-by-step-analysis-of-the-russian-apt-turla-backdoor-called-tinyturla/},
language = {English},
urldate = {2022-03-29}
}
A Step-by-Step Analysis of the Russian APT Turla Backdoor called TinyTurla TinyTurla |
2022-02-28 ⋅ Lab52 ⋅ Jagaimo Kawaii @online{kawaii:20220228:looking:9f8bf67,
author = {Jagaimo Kawaii},
title = {{Looking for Penquins in the Wild}},
date = {2022-02-28},
organization = {Lab52},
url = {https://lab52.io/blog/looking-for-penquins-in-the-wild/},
language = {English},
urldate = {2022-03-02}
}
Looking for Penquins in the Wild Penquin Turla |
2022-01-25 ⋅ Möbius Strip Reverse Engineering ⋅ Rolf Rolles @online{rolles:20220125:exhaustively:bbe8a55,
author = {Rolf Rolles},
title = {{An Exhaustively Analyzed IDB for ComLook}},
date = {2022-01-25},
organization = {Möbius Strip Reverse Engineering},
url = {https://www.msreverseengineering.com/blog/2022/1/25/an-exhaustively-analyzed-idb-for-comlook},
language = {English},
urldate = {2022-01-28}
}
An Exhaustively Analyzed IDB for ComLook ComLook |
2022-01-20 ⋅ Twitter (@ClearskySec) ⋅ ClearSky Cybersecurity @online{cybersecurity:20220120:comlook:ca9c0aa,
author = {ClearSky Cybersecurity},
title = {{Tweet on ComLook backdoor used by Turla}},
date = {2022-01-20},
organization = {Twitter (@ClearskySec)},
url = {https://twitter.com/ClearskySec/status/1484211242474561540},
language = {English},
urldate = {2022-01-25}
}
Tweet on ComLook backdoor used by Turla ComLook |
2021-12-01 ⋅ ESET Research ⋅ Alexis Dorais-Joncas, Facundo Muñoz @techreport{doraisjoncas:20211201:jumping:00bc8f5,
author = {Alexis Dorais-Joncas and Facundo Muñoz},
title = {{Jumping the air gap: 15 years of nation‑state effort}},
date = {2021-12-01},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf},
language = {English},
urldate = {2021-12-17}
}
Jumping the air gap: 15 years of nation‑state effort Agent.BTZ Fanny Flame Gauss PlugX Ramsay Retro Stuxnet USBCulprit USBferry |
2021-11-05 ⋅ Emanuele De Lucia on Security ⋅ Emanuele De Lucia @online{lucia:20211105:bigboss:bcea512,
author = {Emanuele De Lucia},
title = {{The BigBoss Rules: Something about one of the Uroburos’ RPC-based backdoors}},
date = {2021-11-05},
organization = {Emanuele De Lucia on Security},
url = {https://www.emanueledelucia.net/the-bigboss-rules-something-about-one-of-the-uroburos-rpc-based-backdoors/},
language = {English},
urldate = {2021-11-08}
}
The BigBoss Rules: Something about one of the Uroburos’ RPC-based backdoors Turla SilentMoon |
2021-09-27 ⋅ Medium ryancor ⋅ Ryan Cornateanu @online{cornateanu:20210927:deobfuscating:bfa117a,
author = {Ryan Cornateanu},
title = {{Deobfuscating PowerShell Malware Droppers}},
date = {2021-09-27},
organization = {Medium ryancor},
url = {https://ryancor.medium.com/deobfuscating-powershell-malware-droppers-b6c34499e41d},
language = {English},
urldate = {2021-11-25}
}
Deobfuscating PowerShell Malware Droppers Agent.BTZ |
2021-09-21 ⋅ Talos Intelligence ⋅ Talos @online{talos:20210921:tinyturla:c5f6f90,
author = {Talos},
title = {{TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines}},
date = {2021-09-21},
organization = {Talos Intelligence},
url = {https://blog.talosintelligence.com/2021/09/tinyturla.html},
language = {English},
urldate = {2021-09-22}
}
TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines TinyTurla |
2021-06-12 ⋅ YouTube (BSidesBoulder) ⋅ Kurt Baumgartner, Kaspersky @online{baumgartner:20210612:same:49bc254,
author = {Kurt Baumgartner and Kaspersky},
title = {{Same and Different - sesame street level attribution}},
date = {2021-06-12},
organization = {YouTube (BSidesBoulder)},
url = {https://youtu.be/SW8kVkwDOrc?t=24706},
language = {English},
urldate = {2021-06-21}
}
Same and Different - sesame street level attribution Kazuar SUNBURST |
2021-04-29 ⋅ ESET Research ⋅ Robert Lipovsky, Matthieu Faou, Tony Anscombe, Andy Garth, Daniel Chromek @techreport{lipovsky:20210429:eset:ff67b6c,
author = {Robert Lipovsky and Matthieu Faou and Tony Anscombe and Andy Garth and Daniel Chromek},
title = {{ESET Industry Report on Government: Targeted but not alone}},
date = {2021-04-29},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2021/04/ESET_Industry_Report_Government.pdf},
language = {English},
urldate = {2021-05-03}
}
ESET Industry Report on Government: Targeted but not alone Exaramel Crutch Exaramel HyperBro HyperSSL InvisiMole XDSpy |
2021-04-27 ⋅ Kaspersky ⋅ GReAT @online{great:20210427:trends:e1c92a3,
author = {GReAT},
title = {{APT trends report Q1 2021}},
date = {2021-04-27},
organization = {Kaspersky},
url = {https://securelist.com/apt-trends-report-q1-2021/101967/},
language = {English},
urldate = {2021-04-29}
}
APT trends report Q1 2021 PAS Artra Downloader BadNews Bozok DILLJUICE Kazuar Quasar RAT SodaMaster |
2021-02-28 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20210228:cyber:bd780cd,
author = {PWC UK},
title = {{Cyber Threats 2020: A Year in Retrospect}},
date = {2021-02-28},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf},
language = {English},
urldate = {2021-03-04}
}
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
2021-02-19 ⋅ Palo Alto Networks Unit 42 ⋅ Dominik Reichel @online{reichel:20210219:ironnetinjector:07c7f33,
author = {Dominik Reichel},
title = {{IronNetInjector: Turla’s New Malware Loading Tool}},
date = {2021-02-19},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/ironnetinjector/},
language = {English},
urldate = {2021-02-20}
}
IronNetInjector: Turla’s New Malware Loading Tool Agent.BTZ IronNetInjector TurlaRPC |
2021-02-16 ⋅ US Department of Defense ⋅ US Department of Defense @techreport{defense:20210216:creation:d20a363,
author = {US Department of Defense},
title = {{The creation of the 2020 ComRATv4 illustration}},
date = {2021-02-16},
institution = {US Department of Defense},
url = {https://cdn.muckrock.com/foia_files/2021/02/16/21R019_RESPONSE.pdf},
language = {English},
urldate = {2021-03-25}
}
The creation of the 2020 ComRATv4 illustration Agent.BTZ |
2021-01-11 ⋅ Kaspersky Labs ⋅ Georgy Kucherin, Igor Kuznetsov, Costin Raiu @online{kucherin:20210111:sunburst:a4ecf12,
author = {Georgy Kucherin and Igor Kuznetsov and Costin Raiu},
title = {{Sunburst backdoor – code overlaps with Kazuar}},
date = {2021-01-11},
organization = {Kaspersky Labs},
url = {https://securelist.com/sunburst-backdoor-kazuar/99981/},
language = {English},
urldate = {2021-01-11}
}
Sunburst backdoor – code overlaps with Kazuar Kazuar SUNBURST |
2020-12-21 ⋅ IronNet ⋅ Adam Hlavek, Kimberly Ortiz @online{hlavek:20201221:russian:804662f,
author = {Adam Hlavek and Kimberly Ortiz},
title = {{Russian cyber attack campaigns and actors}},
date = {2020-12-21},
organization = {IronNet},
url = {https://www.ironnet.com/blog/russian-cyber-attack-campaigns-and-actors},
language = {English},
urldate = {2021-01-05}
}
Russian cyber attack campaigns and actors WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess |
2020-12-21 ⋅ Intezer ⋅ Intezer @online{intezer:20201221:top:9529707,
author = {Intezer},
title = {{Top Linux Cloud Threats of 2020}},
date = {2020-12-21},
organization = {Intezer},
url = {https://www.intezer.com/blog/cloud-security/top-linux-cloud-threats-of-2020/},
language = {English},
urldate = {2020-12-26}
}
Top Linux Cloud Threats of 2020 AgeLocker AnchorDNS Blackrota Cloud Snooper Dacls Doki FritzFrog IPStorm Kaiji Kinsing NOTROBIN Penquin Turla PLEAD Prometei RansomEXX Stantinko TeamTNT TSCookie WellMail elf.wellmess TeamTNT |
2020-12-02 ⋅ ESET Research ⋅ Matthieu Faou @online{faou:20201202:turla:7f8c935,
author = {Matthieu Faou},
title = {{Turla Crutch: Keeping the “back door” open}},
date = {2020-12-02},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/},
language = {English},
urldate = {2020-12-08}
}
Turla Crutch: Keeping the “back door” open Crutch Gazer Turla |
2020-10-29 ⋅ US-CERT ⋅ US-CERT @online{uscert:20201029:malware:c4c177c,
author = {US-CERT},
title = {{Malware Analysis Report (AR20-303A): PowerShell Script: ComRAT}},
date = {2020-10-29},
organization = {US-CERT},
url = {https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303a},
language = {English},
urldate = {2020-11-02}
}
Malware Analysis Report (AR20-303A): PowerShell Script: ComRAT Agent.BTZ |
2020-10-28 ⋅ Accenture ⋅ Cyber Defense @online{defense:20201028:turla:6f32714,
author = {Cyber Defense},
title = {{Turla uses HyperStack, Carbon, and Kazuar to compromise government entity}},
date = {2020-10-28},
organization = {Accenture},
url = {https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity},
language = {English},
urldate = {2020-10-29}
}
Turla uses HyperStack, Carbon, and Kazuar to compromise government entity Cobra Carbon System Kazuar TurlaRPC Turla SilentMoon |
2020-09-25 ⋅ Github (sisoma2) ⋅ Marc @online{marc:20200925:turla:06db824,
author = {Marc},
title = {{Turla Carbon System}},
date = {2020-09-25},
organization = {Github (sisoma2)},
url = {https://github.com/sisoma2/malware_analysis/tree/master/turla_carbon},
language = {English},
urldate = {2020-10-02}
}
Turla Carbon System Cobra Carbon System |
2020-09-11 ⋅ Twitter (@Arkbird_SOLG) ⋅ Arkbird @online{arkbird:20200911:discovery:99adb88,
author = {Arkbird},
title = {{Tweet on discovery of a sample}},
date = {2020-09-11},
organization = {Twitter (@Arkbird_SOLG)},
url = {https://twitter.com/Arkbird_SOLG/status/1304187749373800455},
language = {English},
urldate = {2020-10-21}
}
Tweet on discovery of a sample Turla SilentMoon |
2020-09-10 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20200910:overview:f751b73,
author = {GReAT},
title = {{An overview of targeted attacks and APTs on Linux}},
date = {2020-09-10},
organization = {Kaspersky Labs},
url = {https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/},
language = {English},
urldate = {2020-10-05}
}
An overview of targeted attacks and APTs on Linux Cloud Snooper Dacls DoubleFantasy MESSAGETAP Penquin Turla Tsunami elf.wellmess X-Agent |
2020-09-01 ⋅ Möbius Strip Reverse Engineering ⋅ Rolf Rolles @online{rolles:20200901:exhaustivelyanalyzed:0a5410d,
author = {Rolf Rolles},
title = {{An Exhaustively-Analyzed IDB for ComRAT v4}},
date = {2020-09-01},
organization = {Möbius Strip Reverse Engineering},
url = {https://www.msreverseengineering.com/blog/2020/8/31/an-exhaustively-analyzed-idb-for-comrat-v4},
language = {English},
urldate = {2020-09-01}
}
An Exhaustively-Analyzed IDB for ComRAT v4 Agent.BTZ |
2020-07-29 ⋅ ESET Research ⋅ welivesecurity @techreport{welivesecurity:20200729:threat:496355c,
author = {welivesecurity},
title = {{THREAT REPORT Q2 2020}},
date = {2020-07-29},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf},
language = {English},
urldate = {2020-07-30}
}
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor |
2020-07-29 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20200729:trends:6810325,
author = {GReAT},
title = {{APT trends report Q2 2020}},
date = {2020-07-29},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2020/97937/},
language = {English},
urldate = {2020-07-30}
}
APT trends report Q2 2020 PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel |
2020-07-21 ⋅ YouTube ( OPCDE with Matt Suiche) ⋅ Mohamad Mokbel @online{mokbel:20200721:vopcde:26d48d0,
author = {Mohamad Mokbel},
title = {{vOPCDE #9 - A Journey into Malware HTTP Communication Channels Spectacles (Mohamad Mokbel)}},
date = {2020-07-21},
organization = {YouTube ( OPCDE with Matt Suiche)},
url = {https://www.youtube.com/watch?v=FttiysUZmDw},
language = {English},
urldate = {2021-10-24}
}
vOPCDE #9 - A Journey into Malware HTTP Communication Channels Spectacles (Mohamad Mokbel) Alureon Aytoke Cobra Carbon System CROSSWALK danbot ProtonBot Silence |
2020-07-14 ⋅ Telsy ⋅ Telsy @online{telsy:20200714:turla:ef6592e,
author = {Telsy},
title = {{Turla / Venomous Bear updates its arsenal: “NewPass” appears on the APT threat scene}},
date = {2020-07-14},
organization = {Telsy},
url = {https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/},
language = {English},
urldate = {2020-07-16}
}
Turla / Venomous Bear updates its arsenal: “NewPass” appears on the APT threat scene NewPass Turla |
2020-06-09 ⋅ Kaspersky Labs ⋅ Costin Raiu @online{raiu:20200609:looking:3038dce,
author = {Costin Raiu},
title = {{Looking at Big Threats Using Code Similarity. Part 1}},
date = {2020-06-09},
organization = {Kaspersky Labs},
url = {https://securelist.com/big-threats-using-code-similarity-part-1/97239/},
language = {English},
urldate = {2020-08-18}
}
Looking at Big Threats Using Code Similarity. Part 1 Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel |
2020-06-07 ⋅ Youtube (OPCDE) ⋅ Silvio La Porta, Antonio Villani @online{porta:20200607:penquin:cde32fc,
author = {Silvio La Porta and Antonio Villani},
title = {{The Penquin is in da house}},
date = {2020-06-07},
organization = {Youtube (OPCDE)},
url = {https://www.youtube.com/watch?v=JXsjRUxx47E},
language = {English},
urldate = {2020-06-10}
}
The Penquin is in da house Penquin Turla |
2020-05-28 ⋅ EpicTurla ⋅ Juan Andrés Guerrero-Saade @online{guerrerosaade:20200528:sysinturla:8cad820,
author = {Juan Andrés Guerrero-Saade},
title = {{SysInTURLA}},
date = {2020-05-28},
organization = {EpicTurla},
url = {https://www.epicturla.com/blog/sysinturla},
language = {English},
urldate = {2020-05-29}
}
SysInTURLA Kazuar |
2020-05-26 ⋅ ESET Research ⋅ Matthieu Faou @techreport{faou:20200526:from:89e2854,
author = {Matthieu Faou},
title = {{From Agent.BTZ to ComRAT v4: A ten‑year journey (White Paper)}},
date = {2020-05-26},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf},
language = {English},
urldate = {2020-05-27}
}
From Agent.BTZ to ComRAT v4: A ten‑year journey (White Paper) Agent.BTZ |
2020-05-26 ⋅ ESET Research ⋅ Matthieu Faou @online{faou:20200526:from:804e2da,
author = {Matthieu Faou},
title = {{From Agent.BTZ to ComRAT v4: A ten‑year journey}},
date = {2020-05-26},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/},
language = {English},
urldate = {2020-05-27}
}
From Agent.BTZ to ComRAT v4: A ten‑year journey Agent.BTZ |
2020-05-21 ⋅ PICUS Security ⋅ Süleyman Özarslan @online{zarslan:20200521:t1055:4400f98,
author = {Süleyman Özarslan},
title = {{T1055 Process Injection}},
date = {2020-05-21},
organization = {PICUS Security},
url = {https://www.picussecurity.com/blog/picus-10-critical-mitre-attck-techniques-t1055-process-injection},
language = {English},
urldate = {2020-06-03}
}
T1055 Process Injection BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE |
2020-05-14 ⋅ Leonardo ⋅ Leonardo’s Cyber Security division @techreport{division:20200514:malware:34fa46f,
author = {Leonardo’s Cyber Security division},
title = {{Malware Technical Insight Turla "Penquin_x64"}},
date = {2020-05-14},
institution = {Leonardo},
url = {https://www.leonardo.com/documents/20142/10868623/Malware+Technical+Insight+_Turla+%E2%80%9CPenquin_x64%E2%80%9D.pdf},
language = {English},
urldate = {2022-07-01}
}
Malware Technical Insight Turla "Penquin_x64" Penquin Turla |
2020-04-07 ⋅ Blackberry ⋅ Blackberry Research @techreport{research:20200407:decade:6441e18,
author = {Blackberry Research},
title = {{Decade of the RATS: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android}},
date = {2020-04-07},
institution = {Blackberry},
url = {https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-decade-of-the-rats.pdf},
language = {English},
urldate = {2020-08-10}
}
Decade of the RATS: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android Penquin Turla XOR DDoS ZXShell |
2020-03-12 ⋅ ESET Research ⋅ Matthieu Faou @online{faou:20200312:tracking:913d16e,
author = {Matthieu Faou},
title = {{Tracking Turla: New backdoor delivered via Armenian watering holes}},
date = {2020-03-12},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2020/03/12/tracking-turla-new-backdoor-armenian-watering-holes/},
language = {English},
urldate = {2020-03-13}
}
Tracking Turla: New backdoor delivered via Armenian watering holes LightNeuron Mosquito NetFlash Skipper |
2020-03-12 ⋅ Recorded Future ⋅ Insikt Group @techreport{group:20200312:swallowing:2ec2856,
author = {Insikt Group},
title = {{Swallowing the Snake’s Tail: Tracking Turla Infrastructure}},
date = {2020-03-12},
institution = {Recorded Future},
url = {https://go.recordedfuture.com/hubfs/reports/cta-2020-0312.pdf},
language = {English},
urldate = {2023-01-19}
}
Swallowing the Snake’s Tail: Tracking Turla Infrastructure TwoFace Mosquito |
2020-03-12 ⋅ Recorded Future ⋅ Insikt Group @online{group:20200312:swallowing:b1becb5,
author = {Insikt Group},
title = {{Swallowing the Snake’s Tail: Tracking Turla Infrastructure}},
date = {2020-03-12},
organization = {Recorded Future},
url = {https://www.recordedfuture.com/turla-apt-infrastructure/},
language = {English},
urldate = {2020-03-13}
}
Swallowing the Snake’s Tail: Tracking Turla Infrastructure Mosquito Sinowal |
2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:20200304:2020:818c85f,
author = {CrowdStrike},
title = {{2020 CrowdStrike Global Threat Report}},
date = {2020-03-04},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf},
language = {English},
urldate = {2020-07-24}
}
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
2020-03-03 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20200303:cyber:1f1eef0,
author = {PWC UK},
title = {{Cyber Threats 2019:A Year in Retrospect}},
date = {2020-03-03},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf},
language = {English},
urldate = {2020-03-03}
}
Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
2020-02-13 ⋅ Qianxin ⋅ Qi Anxin Threat Intelligence Center @techreport{center:20200213:report:146d333,
author = {Qi Anxin Threat Intelligence Center},
title = {{APT Report 2019}},
date = {2020-02-13},
institution = {Qianxin},
url = {https://ti.qianxin.com/uploads/2020/02/13/cb78386a082f465f259b37dae5df4884.pdf},
language = {English},
urldate = {2020-02-27}
}
APT Report 2019 Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:iron:de2007f,
author = {SecureWorks},
title = {{IRON HUNTER}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/iron-hunter},
language = {English},
urldate = {2020-05-23}
}
IRON HUNTER Agent.BTZ Cobra Carbon System LightNeuron Mosquito Nautilus Neuron Skipper Uroburos Turla |
2019-10-21 ⋅ NCSC UK ⋅ NCSC UK @online{uk:20191021:advisory:8f9f0e8,
author = {NCSC UK},
title = {{Advisory: Turla group exploits Iranian APT to expand coverage of victims}},
date = {2019-10-21},
organization = {NCSC UK},
url = {https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims},
language = {English},
urldate = {2020-01-06}
}
Advisory: Turla group exploits Iranian APT to expand coverage of victims Nautilus Neuron |
2019-08-12 ⋅ Kindred Security ⋅ Kindred Security @online{security:20190812:overview:0726c0a,
author = {Kindred Security},
title = {{An Overview of Public Platform C2’s}},
date = {2019-08-12},
organization = {Kindred Security},
url = {https://kindredsec.wordpress.com/2019/08/12/an-overview-of-public-platform-c2s/},
language = {English},
urldate = {2021-07-20}
}
An Overview of Public Platform C2’s HTML5 Encoding LOWBALL Makadocs MiniDuke RogueRobinNET RokRAT |
2019-07-26 ⋅ Github (eset) ⋅ ESET Research @online{research:20190726:turla:d2b71c9,
author = {ESET Research},
title = {{Turla Indicators of Compromise}},
date = {2019-07-26},
organization = {Github (eset)},
url = {https://github.com/eset/malware-ioc/tree/master/turla},
language = {English},
urldate = {2020-01-08}
}
Turla Indicators of Compromise Gazer |
2019-07-08 ⋅ 0ffset Blog ⋅ 0verfl0w_ @online{0verfl0w:20190708:analyzing:f246b28,
author = {0verfl0w_},
title = {{Analyzing KSL0T (Turla’s Keylogger), Part 1 – Reupload}},
date = {2019-07-08},
organization = {0ffset Blog},
url = {https://0ffset.net/reverse-engineering/malware-analysis/analyzing-turlas-keylogger-1/},
language = {English},
urldate = {2020-01-06}
}
Analyzing KSL0T (Turla’s Keylogger), Part 1 – Reupload KSL0T |
2019-07-08 ⋅ 0ffset Blog ⋅ 0verfl0w_ @online{0verfl0w:20190708:analyzing:b984acf,
author = {0verfl0w_},
title = {{Analyzing KSL0T (Turla’s Keylogger), Part 2 – Reupload}},
date = {2019-07-08},
organization = {0ffset Blog},
url = {https://0ffset.net/reverse-engineering/malware-analysis/analyzing-turlas-keylogger-2/},
language = {English},
urldate = {2020-01-10}
}
Analyzing KSL0T (Turla’s Keylogger), Part 2 – Reupload KSL0T |
2019-06-20 ⋅ Symantec ⋅ Symantec DeepSight Adversary Intelligence Team, Symantec Network Protection Security Labs @online{team:20190620:waterbug:9c50dd1,
author = {Symantec DeepSight Adversary Intelligence Team and Symantec Network Protection Security Labs},
title = {{Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments}},
date = {2019-06-20},
organization = {Symantec},
url = {https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments},
language = {English},
urldate = {2020-01-13}
}
Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments LightNeuron |
2019-05-29 ⋅ ESET Research ⋅ Matthieu Faou, Romain Dumont @online{faou:20190529:dive:3afd32e,
author = {Matthieu Faou and Romain Dumont},
title = {{A dive into Turla PowerShell usage}},
date = {2019-05-29},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/},
language = {English},
urldate = {2019-11-14}
}
A dive into Turla PowerShell usage PowerShellRunner TurlaRPC |
2019-05-19 ⋅ Telsy ⋅ Webmaster @online{webmaster:20190519:following:d15ba1c,
author = {Webmaster},
title = {{Following the Turla’s Skipper over the ocean of cyber operations}},
date = {2019-05-19},
organization = {Telsy},
url = {https://blog.telsy.com/following-the-turlas-skipper-over-the-ocean-of-cyber-operations/},
language = {English},
urldate = {2020-01-08}
}
Following the Turla’s Skipper over the ocean of cyber operations Skipper |
2019-05-07 ⋅ ESET Research ⋅ Matthieu Faou @online{faou:20190507:turla:0300283,
author = {Matthieu Faou},
title = {{Turla LightNeuron: An email too far}},
date = {2019-05-07},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2019/05/07/turla-lightneuron-email-too-far/},
language = {English},
urldate = {2019-11-14}
}
Turla LightNeuron: An email too far LightNeuron |
2019-05 ⋅ ESET Research ⋅ Matthieu Faou @techreport{faou:201905:turla:5a8a05f,
author = {Matthieu Faou},
title = {{TURLA LIGHTNEURON: One email away from remote code execution}},
date = {2019-05},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf},
language = {English},
urldate = {2020-01-08}
}
TURLA LIGHTNEURON: One email away from remote code execution LightNeuron |
2019-04-19 ⋅ Github (hfiref0x) ⋅ hfiref0x @online{hfiref0x:20190419:tdl:31ca191,
author = {hfiref0x},
title = {{TDL (Turla Driver Loader) Repository}},
date = {2019-04-19},
organization = {Github (hfiref0x)},
url = {https://github.com/hfiref0x/TDL},
language = {English},
urldate = {2020-01-08}
}
TDL (Turla Driver Loader) Repository Cobra Carbon System |
2019-04-13 ⋅ GitHub ⋅ Vitali Kremez @online{kremez:20190413:decoded:c9b46a9,
author = {Vitali Kremez},
title = {{Decoded Turla Powershell Implant}},
date = {2019-04-13},
organization = {GitHub},
url = {https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2019-04-13-Possible-Turla-PowerShell-Implant.ps1},
language = {English},
urldate = {2019-07-11}
}
Decoded Turla Powershell Implant PowerShellRunner |
2019-01-17 ⋅ Twitter (@VK_intel) ⋅ Vitali Kremez @online{kremez:20190117:turla:1eff5e6,
author = {Vitali Kremez},
title = {{Tweet on Turla Outlook Backdoor}},
date = {2019-01-17},
organization = {Twitter (@VK_intel)},
url = {https://twitter.com/VK_Intel/status/1085820673811992576},
language = {English},
urldate = {2020-01-13}
}
Tweet on Turla Outlook Backdoor Outlook Backdoor |
2019 ⋅ MITRE ⋅ MITRE ATT&CK @online{attck:2019:turla:6c3dec8,
author = {MITRE ATT&CK},
title = {{Group description: Turla}},
date = {2019},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0010/},
language = {English},
urldate = {2019-12-20}
}
Group description: Turla Turla |
2019 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker @online{tracker:2019:turla:84132fe,
author = {Cyber Operations Tracker},
title = {{Turla}},
date = {2019},
organization = {Council on Foreign Relations},
url = {https://www.cfr.org/interactive/cyber-operations/turla},
language = {English},
urldate = {2019-12-20}
}
Turla Turla |
2018-11-22 ⋅ nccgroup ⋅ Ben Humphrey @online{humphrey:20181122:turla:de7f30a,
author = {Ben Humphrey},
title = {{Turla PNG Dropper is back}},
date = {2018-11-22},
organization = {nccgroup},
url = {https://research.nccgroup.com/2018/11/22/turla-png-dropper-is-back/},
language = {English},
urldate = {2023-06-19}
}
Turla PNG Dropper is back Uroburos Turla |
2018-11-22 ⋅ nccgroup ⋅ Matt Lewis @online{lewis:20181122:turla:99cb1b2,
author = {Matt Lewis},
title = {{Turla PNG Dropper is back}},
date = {2018-11-22},
organization = {nccgroup},
url = {https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/},
language = {English},
urldate = {2023-08-11}
}
Turla PNG Dropper is back Uroburos |
2018-10-05 ⋅ _ @online{:20181005:post:4890d7d,
author = {_},
title = {{Post 0x17.2: Analyzing Turla’s Keylogger}},
date = {2018-10-05},
url = {https://0ffset.wordpress.com/2018/10/05/post-0x17-2-turla-keylogger/},
language = {English},
urldate = {2019-07-27}
}
Post 0x17.2: Analyzing Turla’s Keylogger KSL0T |
2018-10-04 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20181004:shedding:5f22310,
author = {GReAT},
title = {{Shedding Skin – Turla’s Fresh Faces}},
date = {2018-10-04},
organization = {Kaspersky Labs},
url = {https://securelist.com/shedding-skin-turlas-fresh-faces/88069/},
language = {English},
urldate = {2023-01-10}
}
Shedding Skin – Turla’s Fresh Faces KopiLuwak Agent.BTZ Cobra Carbon System Gazer Meterpreter Mosquito Skipper |
2018-09-10 ⋅ Youtube (Monnappa K A) ⋅ Monnappa K A @online{a:20180910:turla:c92b687,
author = {Monnappa K A},
title = {{turla gazer backdoor code injection & winlogon shell persistence}},
date = {2018-09-10},
organization = {Youtube (Monnappa K A)},
url = {https://www.youtube.com/watch?v=Pvzhtjl86wc},
language = {English},
urldate = {2020-01-13}
}
turla gazer backdoor code injection & winlogon shell persistence Gazer |
2018-08-22 ⋅ ESET Research ⋅ ESET researchers @techreport{researchers:20180822:turla:d444ef7,
author = {ESET researchers},
title = {{Turla Outlook Backdoor}},
date = {2018-08-22},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2018/08/Eset-Turla-Outlook-Backdoor.pdf},
language = {English},
urldate = {2019-10-18}
}
Turla Outlook Backdoor Outlook Backdoor |
2018-08-22 ⋅ Bleeping Computer ⋅ Ionut Ilascu @online{ilascu:20180822:turla:b3753aa,
author = {Ionut Ilascu},
title = {{Turla Outlook Backdoor Uses Clever Tactics for Stealth and Persistence}},
date = {2018-08-22},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/},
language = {English},
urldate = {2019-12-20}
}
Turla Outlook Backdoor Uses Clever Tactics for Stealth and Persistence Turla |
2018-07-10 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20180710:trends:4651c7b,
author = {GReAT},
title = {{APT Trends Report Q2 2018}},
date = {2018-07-10},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2018/86487/},
language = {English},
urldate = {2019-12-20}
}
APT Trends Report Q2 2018 LightNeuron PoorWeb |
2018-05-22 ⋅ ESET Research ⋅ ESET Research @online{research:20180522:turla:358ccf7,
author = {ESET Research},
title = {{Turla Mosquito: A shift towards more generic tools}},
date = {2018-05-22},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/},
language = {English},
urldate = {2019-11-14}
}
Turla Mosquito: A shift towards more generic tools Mosquito Turla |
2018-03 ⋅ CrySyS Lab ⋅ Boldizsar Bencsath @techreport{bencsath:201803:territorial:04343bb,
author = {Boldizsar Bencsath},
title = {{Territorial Dispute – NSA’s perspective on APT landscape}},
date = {2018-03},
institution = {CrySyS Lab},
url = {https://www.crysys.hu/publications/files/tedi/ukatemicrysys_territorialdispute.pdf},
language = {English},
urldate = {2020-05-07}
}
Territorial Dispute – NSA’s perspective on APT landscape 9002 RAT Agent.BTZ DuQu EYService Flame FlowerShop Stuxnet Uroburos |
2018-03 ⋅ Kaspersky Labs ⋅ Juan Andrés Guerrero-Saade, Costin Raiu, Daniel Moore, Thomas Rid @techreport{guerrerosaade:201803:penquins:1c6305e,
author = {Juan Andrés Guerrero-Saade and Costin Raiu and Daniel Moore and Thomas Rid},
title = {{Penquin's Moonlit Maze}},
date = {2018-03},
institution = {Kaspersky Labs},
url = {https://securelist.com/files/2017/04/Penquins_Moonlit_Maze_PDF_eng.pdf},
language = {English},
urldate = {2019-11-25}
}
Penquin's Moonlit Maze Penquin Turla |
2018-02-09 ⋅ ExaTrack ⋅ Stéfan Le Berre @techreport{berre:20180209:hey:8be9a1c,
author = {Stéfan Le Berre},
title = {{Hey Uroburos! What's up ?}},
date = {2018-02-09},
institution = {ExaTrack},
url = {https://exatrack.com/public/Uroburos_EN.pdf},
language = {English},
urldate = {2022-05-25}
}
Hey Uroburos! What's up ? Uroburos |
2018-01-22 ⋅ ZDNet ⋅ Danny Palmer @online{palmer:20180122:this:cce88e0,
author = {Danny Palmer},
title = {{This hacking gang just updated the malware it uses against UK targets}},
date = {2018-01-22},
organization = {ZDNet},
url = {https://www.zdnet.com/article/this-hacking-gang-just-updated-the-malware-it-uses-against-uk-targets/},
language = {English},
urldate = {2020-01-13}
}
This hacking gang just updated the malware it uses against UK targets Turla |
2018-01-17 ⋅ NCSC UK ⋅ NCSC UK @online{uk:20180117:turla:7563012,
author = {NCSC UK},
title = {{Turla group malware}},
date = {2018-01-17},
organization = {NCSC UK},
url = {https://www.ncsc.gov.uk/alerts/turla-group-malware},
language = {English},
urldate = {2020-01-06}
}
Turla group malware Nautilus Neuron |
2018-01 ⋅ ESET Research ⋅ Eset @techreport{eset:201801:diplomats:89688b4,
author = {Eset},
title = {{Diplomats in Eastern Europe bitten by a Turla mosquito}},
date = {2018-01},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf},
language = {English},
urldate = {2020-01-08}
}
Diplomats in Eastern Europe bitten by a Turla mosquito Mosquito |
2017-12-24 ⋅ Twitter (@juanandres_gs) ⋅ Juan Andrés Guerrero-Saade @online{guerrerosaade:20171224:turla:dd95598,
author = {Juan Andrés Guerrero-Saade},
title = {{Tweet on Turla Penquin}},
date = {2017-12-24},
organization = {Twitter (@juanandres_gs)},
url = {https://twitter.com/juanandres_gs/status/944741575837528064},
language = {English},
urldate = {2020-01-06}
}
Tweet on Turla Penquin Penquin Turla |
2017-10-05 ⋅ Angel Alonso-Parrizas @online{alonsoparrizas:20171005:analysis:cfea758,
author = {Angel Alonso-Parrizas},
title = {{Analysis of a malicious DOC used by Turla APT group; hunting persistence via PowerShell}},
date = {2017-10-05},
url = {https://blog.angelalonso.es/2017/10/analysis-of-malicious-doc-used-by-turla.html},
language = {English},
urldate = {2023-01-30}
}
Analysis of a malicious DOC used by Turla APT group; hunting persistence via PowerShell KopiLuwak |
2017-10-04 ⋅ Twitter (@JohnLaTwC) ⋅ John Lambert @online{lambert:20171004:turla:904593f,
author = {John Lambert},
title = {{Tweet on Turla JS backdoor}},
date = {2017-10-04},
organization = {Twitter (@JohnLaTwC)},
url = {https://twitter.com/JohnLaTwC/status/915590893155098629},
language = {English},
urldate = {2019-10-23}
}
Tweet on Turla JS backdoor Maintools.js |
2017-09-13 ⋅ Intezer ⋅ Omri Ben Bassat @online{bassat:20170913:new:376f00f,
author = {Omri Ben Bassat},
title = {{New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 2/2}},
date = {2017-09-13},
organization = {Intezer},
url = {http://www.intezer.com/new-variants-of-agent-btz-comrat-found-part-2/},
language = {English},
urldate = {2019-12-24}
}
New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 2/2 Agent.BTZ |
2017-08-30 ⋅ ESET Research ⋅ Graham Cluley @online{cluley:20170830:new:c821389,
author = {Graham Cluley},
title = {{New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies}},
date = {2017-08-30},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/08/30/eset-research-cyberespionage-gazer/},
language = {English},
urldate = {2019-11-14}
}
New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies Gazer |
2017-08-30 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20170830:introducing:80a9653,
author = {GReAT},
title = {{Introducing WhiteBear}},
date = {2017-08-30},
organization = {Kaspersky Labs},
url = {https://securelist.com/introducing-whitebear/81638/},
language = {English},
urldate = {2019-12-20}
}
Introducing WhiteBear Gazer Turla White Bear |
2017-08-21 ⋅ Trend Micro ⋅ Trend Micro @online{micro:20170821:cyberespionage:db82222,
author = {Trend Micro},
title = {{Cyberespionage Group Turla Deploys Backdoor Ahead of G20 Task Force Summit}},
date = {2017-08-21},
organization = {Trend Micro},
url = {https://www.trendmicro.com/vinfo/vn/security/news/cyber-attacks/cyberespionage-group-turla-deploys-backdoor-ahead-of-g20-summit},
language = {English},
urldate = {2019-11-29}
}
Cyberespionage Group Turla Deploys Backdoor Ahead of G20 Task Force Summit Turla |
2017-08-18 ⋅ vmware ⋅ Jared Myers @online{myers:20170818:threat:6ee2607,
author = {Jared Myers},
title = {{Threat Analysis: Carbon Black Threat Research Dissects PNG Dropper}},
date = {2017-08-18},
organization = {vmware},
url = {https://www.carbonblack.com/2017/08/18/threat-analysis-carbon-black-threat-research-dissects-png-dropper/},
language = {English},
urldate = {2020-01-09}
}
Threat Analysis: Carbon Black Threat Research Dissects PNG Dropper Uroburos |
2017-08-17 ⋅ Proofpoint ⋅ Darien Huss @online{huss:20170817:turla:b519667,
author = {Darien Huss},
title = {{Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack}},
date = {2017-08-17},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack},
language = {English},
urldate = {2019-12-20}
}
Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack KopiLuwak |
2017-08-09 ⋅ CSE ⋅ CSE Canada @techreport{canada:20170809:hackers:30a0c3d,
author = {CSE Canada},
title = {{Hackers are Humans too}},
date = {2017-08-09},
institution = {CSE},
url = {https://nsarchive.gwu.edu/sites/default/files/documents/3921357/Government-of-Canada-Hackers-are-Humans-Too.pdf},
language = {English},
urldate = {2022-11-17}
}
Hackers are Humans too Satellite Turla |
2017-08-07 ⋅ Intezer ⋅ Omri Ben Bassat @online{bassat:20170807:new:d776333,
author = {Omri Ben Bassat},
title = {{New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 1/2}},
date = {2017-08-07},
organization = {Intezer},
url = {http://www.intezer.com/new-variants-of-agent-btz-comrat-found/},
language = {English},
urldate = {2019-12-17}
}
New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 1/2 Agent.BTZ |
2017-08 ⋅ ESET Research ⋅ Gazing at Gazer, Turla’s new second stage backdoor @techreport{gazer:201708:gazing:b454362,
author = {Gazing at Gazer and Turla’s new second stage backdoor},
title = {{Gazing at Gazer Turla’s new second stage backdoor}},
date = {2017-08},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf},
language = {English},
urldate = {2020-01-08}
}
Gazing at Gazer Turla’s new second stage backdoor Turla |
2017-06-07 ⋅ engadget ⋅ Mallory Locklear @online{locklear:20170607:russian:65a8aed,
author = {Mallory Locklear},
title = {{Russian malware link hid in a comment on Britney Spears' Instagram}},
date = {2017-06-07},
organization = {engadget},
url = {https://www.engadget.com/2017/06/07/russian-malware-hidden-britney-spears-instagram/},
language = {English},
urldate = {2020-01-08}
}
Russian malware link hid in a comment on Britney Spears' Instagram Turla |
2017-06-06 ⋅ ESET Research ⋅ Jean-Ian Boutin @online{boutin:20170606:turlas:f9b4935,
author = {Jean-Ian Boutin},
title = {{Turla’s watering hole campaign: An updated Firefox extension abusing Instagram}},
date = {2017-06-06},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/},
language = {English},
urldate = {2019-11-14}
}
Turla’s watering hole campaign: An updated Firefox extension abusing Instagram HTML5 Encoding Skipper |
2017-05-05 ⋅ Malwarebytes ⋅ Thomas Reed @online{reed:20170505:snake:01961aa,
author = {Thomas Reed},
title = {{Snake malware ported from Windows to Mac}},
date = {2017-05-05},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2017/05/snake-malware-ported-windows-mac/},
language = {English},
urldate = {2019-12-20}
}
Snake malware ported from Windows to Mac Uroburos |
2017-05-03 ⋅ Palo Alto Networks Unit 42 ⋅ Brandon Levene, Robert Falcone, Tyler Halfpop @online{levene:20170503:kazuar:b869345,
author = {Brandon Levene and Robert Falcone and Tyler Halfpop},
title = {{Kazuar: Multiplatform Espionage Backdoor with API Access}},
date = {2017-05-03},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/unit42-kazuar-multiplatform-espionage-backdoor-api-access/},
language = {English},
urldate = {2020-01-09}
}
Kazuar: Multiplatform Espionage Backdoor with API Access Turla |
2017-05-03 ⋅ Fox-IT ⋅ Jelle Vergeer, Krijn de Mik, Mitchel Sahertian, Maarten van Dantzig, Yun Zheng Hu @online{vergeer:20170503:snake:2987af1,
author = {Jelle Vergeer and Krijn de Mik and Mitchel Sahertian and Maarten van Dantzig and Yun Zheng Hu},
title = {{Snake: Coming soon in Mac OS X flavour}},
date = {2017-05-03},
organization = {Fox-IT},
url = {https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/},
language = {English},
urldate = {2019-12-17}
}
Snake: Coming soon in Mac OS X flavour Uroburos |
2017-05-03 ⋅ Palo Alto Networks Unit 42 ⋅ Brandon Levene, Robert Falcone, Tyler Halfpop @online{levene:20170503:kazuar:84e99e2,
author = {Brandon Levene and Robert Falcone and Tyler Halfpop},
title = {{Kazuar: Multiplatform Espionage Backdoor with API Access}},
date = {2017-05-03},
organization = {Palo Alto Networks Unit 42},
url = {http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-access/},
language = {English},
urldate = {2019-12-20}
}
Kazuar: Multiplatform Espionage Backdoor with API Access Kazuar |
2017-04-03 ⋅ Kaspersky Labs ⋅ Nikolay Pankov @online{pankov:20170403:moonlight:6ce6041,
author = {Nikolay Pankov},
title = {{Moonlight Maze: Lessons from history}},
date = {2017-04-03},
organization = {Kaspersky Labs},
url = {https://www.kaspersky.com/blog/moonlight-maze-the-lessons/6713/},
language = {English},
urldate = {2020-01-09}
}
Moonlight Maze: Lessons from history Turla |
2017-04-03 ⋅ Kaspersky Labs ⋅ Costin Raiu, Daniel Moore, Juan Andrés Guerrero-Saade, Thomas Rid @techreport{raiu:20170403:moonlight:99d2089,
author = {Costin Raiu and Daniel Moore and Juan Andrés Guerrero-Saade and Thomas Rid},
title = {{Moonlight Maze Technical Report (Appendix B)}},
date = {2017-04-03},
institution = {Kaspersky Labs},
url = {https://securelist.com/files/2017/04/Penquins_Moonlit_Maze_AppendixB.pdf},
language = {English},
urldate = {2019-11-29}
}
Moonlight Maze Technical Report (Appendix B) Penquin Turla |
2017-03-30 ⋅ ESET Research ⋅ ESET Research @online{research:20170330:carbon:928505a,
author = {ESET Research},
title = {{Carbon Paper: Peering into Turla’s second stage backdoor}},
date = {2017-03-30},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/},
language = {English},
urldate = {2019-11-14}
}
Carbon Paper: Peering into Turla’s second stage backdoor Cobra Carbon System Turla |
2017-02-02 ⋅ Kaspersky Labs ⋅ Brian Bartholomew @online{bartholomew:20170202:kopiluwak:d5c0245,
author = {Brian Bartholomew},
title = {{KopiLuwak: A New JavaScript Payload from Turla}},
date = {2017-02-02},
organization = {Kaspersky Labs},
url = {https://securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payload-from-turla/},
language = {English},
urldate = {2019-12-20}
}
KopiLuwak: A New JavaScript Payload from Turla KopiLuwak |
2016-09-07 ⋅ Virus Bulletin ⋅ Brian Bartholomew, Juan Andrés Guerrero-Saade @techreport{bartholomew:20160907:wave:96e9f50,
author = {Brian Bartholomew and Juan Andrés Guerrero-Saade},
title = {{Wave Your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks}},
date = {2016-09-07},
institution = {Virus Bulletin},
url = {https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/10/20114955/Bartholomew-GuerreroSaade-VB2016.pdf},
language = {English},
urldate = {2020-03-13}
}
Wave Your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks DuQu JripBot Sinowal Stuxnet Wipbot |
2016-06-30 ⋅ Bitdefender ⋅ Bitdefender @techreport{bitdefender:20160630:pacifier:cbcb081,
author = {Bitdefender},
title = {{Pacifier APT}},
date = {2016-06-30},
institution = {Bitdefender},
url = {https://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender-Whitepaper-PAC-A4-en_EN1.pdf},
language = {English},
urldate = {2020-01-09}
}
Pacifier APT Skipper |
2016-06-30 ⋅ Bitdefender ⋅ Bitdefender @techreport{bitdefender:20160630:pacifier:642af11,
author = {Bitdefender},
title = {{Pacifier APT}},
date = {2016-06-30},
institution = {Bitdefender},
url = {https://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf},
language = {English},
urldate = {2020-01-08}
}
Pacifier APT Gazer Turla |
2016-05-23 ⋅ Reporting and Analysis Centre for Information Assurance MELANI ⋅ Specialist Staff @online{staff:20160523:technical:07ea0f3,
author = {Specialist Staff},
title = {{Technical Report about the Malware used in the Cyberespionage against RUAG}},
date = {2016-05-23},
organization = {Reporting and Analysis Centre for Information Assurance MELANI},
url = {https://www.melani.admin.ch/melani/en/home/dokumentation/reports/technical-reports/technical-report_apt_case_ruag.html},
language = {English},
urldate = {2020-01-05}
}
Technical Report about the Malware used in the Cyberespionage against RUAG Turla |
2016-05-23 ⋅ MELANI GovCERT ⋅ GovCERT.ch @techreport{govcertch:20160523:case:b6612e9,
author = {GovCERT.ch},
title = {{APT Case RUAG - Technical Report}},
date = {2016-05-23},
institution = {MELANI GovCERT},
url = {https://www.govcert.ch/downloads/whitepapers/Report_Ruag-Espionage-Case.pdf},
language = {English},
urldate = {2022-08-05}
}
APT Case RUAG - Technical Report Cobra Carbon System |
2016-01-14 ⋅ Symantec ⋅ Security Response @techreport{response:20160114:waterbug:51a4dbd,
author = {Security Response},
title = {{The Waterbug attack group}},
date = {2016-01-14},
institution = {Symantec},
url = {https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf},
language = {English},
urldate = {2020-01-09}
}
The Waterbug attack group Agent.BTZ Wipbot |
2016-01-14 ⋅ Symantec ⋅ Security Response @online{response:20160114:waterbug:9dbc59e,
author = {Security Response},
title = {{The Waterbug attack group}},
date = {2016-01-14},
organization = {Symantec},
url = {https://docs.broadcom.com/doc/waterbug-attack-group},
language = {English},
urldate = {2022-04-25}
}
The Waterbug attack group Agent.BTZ Cobra Carbon System Wipbot |
2016-01-13 ⋅ Yie @online{yie:20160113:russian:1a011c6,
author = {Yie},
title = {{Russian group behind 2013 Foreign Ministry hack}},
date = {2016-01-13},
url = {https://yle.fi/uutiset/osasto/news/russian_group_behind_2013_foreign_ministry_hack/8591548},
language = {English},
urldate = {2019-11-22}
}
Russian group behind 2013 Foreign Ministry hack Turla |
2015-11 ⋅ FireEye ⋅ FireEye @techreport{fireeye:201511:pinpointing:03765ec,
author = {FireEye},
title = {{PINPOINTING TARGETS: Exploiting Web Analytics to Ensnare Victims}},
date = {2015-11},
institution = {FireEye},
url = {https://www2.fireeye.com/rs/848-DID-242/images/rpt-witchcoven.pdf},
language = {English},
urldate = {2020-01-08}
}
PINPOINTING TARGETS: Exploiting Web Analytics to Ensnare Victims witchcoven Turla |
2015-09-09 ⋅ Kaspersky Labs ⋅ Stefan Tanase @online{tanase:20150909:satellite:b8728d5,
author = {Stefan Tanase},
title = {{Satellite Turla: APT Command and Control in the Sky}},
date = {2015-09-09},
organization = {Kaspersky Labs},
url = {https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081/},
language = {English},
urldate = {2019-12-20}
}
Satellite Turla: APT Command and Control in the Sky Satellite Turla Turla |
2015-09-09 ⋅ Kaspersky Labs ⋅ Stefan Tanase @online{tanase:20150909:satellite:7f8b3ed,
author = {Stefan Tanase},
title = {{Satellite Turla: APT Command and Control in the Sky}},
date = {2015-09-09},
organization = {Kaspersky Labs},
url = {https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/},
language = {English},
urldate = {2019-12-20}
}
Satellite Turla: APT Command and Control in the Sky Turla |
2015-02-11 ⋅ FIRST Tbilisi ⋅ Andrzej Dereszowski @techreport{dereszowski:20150211:turladevelopment:98e2483,
author = {Andrzej Dereszowski},
title = {{Turla-development & operations}},
date = {2015-02-11},
institution = {FIRST Tbilisi},
url = {https://www.first.org/resources/papers/tbilisi2014/turla-operations_and_development.pdf},
language = {English},
urldate = {2020-01-06}
}
Turla-development & operations Turla |
2015-01-20 ⋅ G Data ⋅ G Data @online{data:20150120:analysis:2fe6cf2,
author = {G Data},
title = {{Analysis of Project Cobra}},
date = {2015-01-20},
organization = {G Data},
url = {https://blog.gdatasoftware.com/2015/01/23926-analysis-of-project-cobra},
language = {English},
urldate = {2020-01-05}
}
Analysis of Project Cobra Cobra Carbon System |
2015-01-15 ⋅ G Data ⋅ G Data @online{data:20150115:weiterentwicklung:a65efbe,
author = {G Data},
title = {{Weiterentwicklung anspruchsvoller Spyware: von Agent.BTZ zu ComRAT}},
date = {2015-01-15},
organization = {G Data},
url = {https://blog.gdata.de/2015/01/23779-weiterentwicklung-anspruchsvoller-spyware-von-agent-btz-zu-comrat},
language = {English},
urldate = {2020-01-08}
}
Weiterentwicklung anspruchsvoller Spyware: von Agent.BTZ zu ComRAT Agent.BTZ |
2015 ⋅ Bitdefender ⋅ Cristian Istrate, Andrei Ardelean, Claudiu Cobliș, Marius Tivadar @techreport{istrate:2015:new:254e212,
author = {Cristian Istrate and Andrei Ardelean and Claudiu Cobliș and Marius Tivadar},
title = {{New Pacifier APT Components Point to Russian-Linked Turla Group}},
date = {2015},
institution = {Bitdefender},
url = {https://pdfhost.io/v/F0@QElMu2_MacProStorage_2017FinalBitdefenderWhitepaperNetrepserA4en_ENBitdefenderWhitepaperNetrepserA4en_ENindd.pdf},
language = {English},
urldate = {2023-02-13}
}
New Pacifier APT Components Point to Russian-Linked Turla Group KopiLuwak Gazer Skipper |
2014-12-09 ⋅ Threatpost ⋅ Michael Mimoso @online{mimoso:20141209:linux:67f8948,
author = {Michael Mimoso},
title = {{Linux Modules Connected to Turla APT Discovered}},
date = {2014-12-09},
organization = {Threatpost},
url = {https://threatpost.com/linux-modules-connected-to-turla-apt-discovered/109765/},
language = {English},
urldate = {2019-11-26}
}
Linux Modules Connected to Turla APT Discovered Turla |
2014-12-08 ⋅ Kaspersky Labs ⋅ Kurt Baumgartner, Costin Raiu @online{baumgartner:20141208:penquin:afd9ae5,
author = {Kurt Baumgartner and Costin Raiu},
title = {{The ‘Penquin’ Turla}},
date = {2014-12-08},
organization = {Kaspersky Labs},
url = {https://securelist.com/blog/research/67962/the-penquin-turla-2/},
language = {English},
urldate = {2019-12-20}
}
The ‘Penquin’ Turla Turla |
2014-11-11 ⋅ G Data ⋅ G Data @online{data:20141111:uroburos:8dce097,
author = {G Data},
title = {{The Uroburos case: new sophisticated RAT identified}},
date = {2014-11-11},
organization = {G Data},
url = {https://www.gdatasoftware.com/blog/2014/11/23937-the-uroburos-case-new-sophisticated-rat-identified},
language = {English},
urldate = {2020-01-08}
}
The Uroburos case: new sophisticated RAT identified Agent.BTZ Uroburos |
2014-08-07 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20140807:epic:f8b0803,
author = {GReAT},
title = {{The Epic Turla Operation}},
date = {2014-08-07},
organization = {Kaspersky Labs},
url = {https://securelist.com/analysis/publications/65545/the-epic-turla-operation/},
language = {English},
urldate = {2021-07-02}
}
The Epic Turla Operation Cobra Carbon System Uroburos Wipbot Turla |
2014-08-07 ⋅ The Guardian ⋅ Tom Brewster @online{brewster:20140807:sophisticated:5f484c8,
author = {Tom Brewster},
title = {{Sophisticated 'Turla' hackers spying on European governments, say researchers}},
date = {2014-08-07},
organization = {The Guardian},
url = {https://www.theguardian.com/technology/2014/aug/07/turla-hackers-spying-governments-researcher-kaspersky-symantec},
language = {English},
urldate = {2020-01-05}
}
Sophisticated 'Turla' hackers spying on European governments, say researchers Turla |
2014-08-07 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20140807:epic:ba080b6,
author = {GReAT},
title = {{The Epic Turla Operation}},
date = {2014-08-07},
organization = {Kaspersky Labs},
url = {https://securelist.com/the-epic-turla-operation/65545/},
language = {English},
urldate = {2019-12-20}
}
The Epic Turla Operation Turla |
2014-06-02 ⋅ G Data ⋅ G Data @online{data:20140602:analysis:1038a5f,
author = {G Data},
title = {{Analysis of Uroburos, using WinDbg}},
date = {2014-06-02},
organization = {G Data},
url = {https://www.gdatasoftware.com/blog/2014/06/23953-analysis-of-uroburos-using-windbg},
language = {English},
urldate = {2020-01-09}
}
Analysis of Uroburos, using WinDbg Uroburos |
2014-05-13 ⋅ G Data ⋅ G Data @online{data:20140513:uroburos:a8b1175,
author = {G Data},
title = {{Uroburos rootkit: Belgian Foreign Ministry stricken}},
date = {2014-05-13},
organization = {G Data},
url = {https://www.gdatasoftware.com/blog/2014/05/23958-uroburos-rootkit-belgian-foreign-ministry-stricken},
language = {English},
urldate = {2019-10-27}
}
Uroburos rootkit: Belgian Foreign Ministry stricken Uroburos |
2014-03-17 ⋅ BAE Systems ⋅ BAE Systems Applied Intelligence @techreport{intelligence:20140317:snake:6d2f730,
author = {BAE Systems Applied Intelligence},
title = {{Snake Campaign & Espionage Toolkit}},
date = {2014-03-17},
institution = {BAE Systems},
url = {https://artemonsecurity.com/snake_whitepaper.pdf},
language = {English},
urldate = {2022-10-20}
}
Snake Campaign & Espionage Toolkit Agent.BTZ Uroburos |
2014-03-12 ⋅ Blog (Artem Baranov) ⋅ Andrzej Dereszowski, Matthieu Kaczmarek @techreport{dereszowski:20140312:uroburos:789e718,
author = {Andrzej Dereszowski and Matthieu Kaczmarek},
title = {{Uroburos: the snake rootkit}},
date = {2014-03-12},
institution = {Blog (Artem Baranov)},
url = {https://artemonsecurity.com/uroburos.pdf},
language = {English},
urldate = {2022-05-25}
}
Uroburos: the snake rootkit Uroburos |
2014-03-12 ⋅ Kaspersky Labs ⋅ Alexander Gostev @online{gostev:20140312:agentbtz:8f1988f,
author = {Alexander Gostev},
title = {{Agent.btz: a Source of Inspiration?}},
date = {2014-03-12},
organization = {Kaspersky Labs},
url = {https://securelist.com/blog/virus-watch/58551/agent-btz-a-source-of-inspiration/},
language = {English},
urldate = {2019-12-20}
}
Agent.btz: a Source of Inspiration? Agent.BTZ |
2014-03-07 ⋅ G Data ⋅ G Data @online{data:20140307:uroburos:22ddc69,
author = {G Data},
title = {{Uroburos – Deeper travel into kernel protection mitigation}},
date = {2014-03-07},
organization = {G Data},
url = {https://www.gdatasoftware.com/blog/2014/03/23966-uroburos-deeper-travel-into-kernel-protection-mitigation},
language = {English},
urldate = {2019-11-23}
}
Uroburos – Deeper travel into kernel protection mitigation Uroburos |
2014-02-28 ⋅ G Data Blog ⋅ G Data @online{data:20140228:uroburos:f6fdb48,
author = {G Data},
title = {{Uroburos - highly complex espionage software with Russian roots}},
date = {2014-02-28},
organization = {G Data Blog},
url = {https://www.gdatasoftware.com/blog/2014/02/23968-uroburos-highly-complex-espionage-software-with-russian-roots},
language = {English},
urldate = {2019-11-28}
}
Uroburos - highly complex espionage software with Russian roots Uroburos |
2014 ⋅ circl.lu ⋅ CIRCL @online{circl:2014:tr25:97f9b0e,
author = {CIRCL},
title = {{TR-25 Analysis - Turla / Pfinet / Snake/ Uroburos}},
date = {2014},
organization = {circl.lu},
url = {https://www.circl.lu/pub/tr-25/},
language = {English},
urldate = {2020-07-01}
}
TR-25 Analysis - Turla / Pfinet / Snake/ Uroburos Cobra Carbon System Uroburos Turla |
2010-08-25 ⋅ The New York Times ⋅ Brian Knowlton @online{knowlton:20100825:military:dc8aa06,
author = {Brian Knowlton},
title = {{Military Computer Attack Confirmed}},
date = {2010-08-25},
organization = {The New York Times},
url = {https://www.nytimes.com/2010/08/26/technology/26cyber.html},
language = {English},
urldate = {2019-11-29}
}
Military Computer Attack Confirmed Turla |
2008-11-30 ⋅ ThreatExpert ⋅ Sergei Shevchenko @online{shevchenko:20081130:agentbtz:8c68643,
author = {Sergei Shevchenko},
title = {{Agent.btz - A Threat That Hit Pentagon}},
date = {2008-11-30},
organization = {ThreatExpert},
url = {http://blog.threatexpert.com/2008/11/agentbtz-threat-that-hit-pentagon.html},
language = {English},
urldate = {2020-01-08}
}
Agent.btz - A Threat That Hit Pentagon Agent.BTZ |