SYMBOLCOMMON_NAMEaka. SYNONYMS

Turla Group  (Back to overview)

aka: Turla, Snake, Venomous Bear, VENOMOUS Bear, Group 88, Waterbug, WRAITH, Turla Team, Uroburos, Pfinet, TAG_0530, KRYPTON, Hippo Team, Pacifier APT, Popeye, SIG23, Iron Hunter, MAKERSMARK

A 2014 Guardian article described Turla as: 'Dubbed the Turla hackers, initial intelligence had indicated western powers were key targets, but it was later determined embassies for Eastern Bloc nations were of more interest. Embassies in Belgium, Ukraine, China, Jordan, Greece, Kazakhstan, Armenia, Poland, and Germany were all attacked, though researchers from Kaspersky Lab and Symantec could not confirm which countries were the true targets. In one case from May 2012, the office of the prime minister of a former Soviet Union member country was infected, leading to 60 further computers being affected, Symantec researchers said. There were some other victims, including the ministry for health of a Western European country, the ministry for education of a Central American country, a state electricity provider in the Middle East and a medical organisation in the US, according to Symantec. It is believed the group was also responsible for a much - documented 2008 attack on the US Central Command. The attackers - who continue to operate - have ostensibly sought to carry out surveillance on targets and pilfer data, though their use of encryption across their networks has made it difficult to ascertain exactly what the hackers took.Kaspersky Lab, however, picked up a number of the attackers searches through their victims emails, which included terms such as Nato and EU energy dialogue Though attribution is difficult to substantiate, Russia has previously been suspected of carrying out the attacks and Symantecs Gavin O’ Gorman told the Guardian a number of the hackers appeared to be using Russian names and language in their notes for their malicious code. Cyrillic was also seen in use.'


Associated Families
asp.unidentified_001 elf.penquin_turla js.kopiluwak js.turla_ff_ext js.turla_maintools win.netflash win.neuron win.uroburos win.skipper win.powershellrunner osx.uroburos win.gazer win.wipbot win.lightneuron win.outlook_backdoor win.ksl0t win.mosquito win.nautilus win.newpass win.satellite_turla win.kazuar win.turla_rpc win.cobra win.turla_silentmoon win.agent_btz

References
2020-10-29US-CERTUS-CERT
@online{uscert:20201029:malware:c4c177c, author = {US-CERT}, title = {{Malware Analysis Report (AR20-303A): PowerShell Script: ComRAT}}, date = {2020-10-29}, organization = {US-CERT}, url = {https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303a}, language = {English}, urldate = {2020-11-02} } Malware Analysis Report (AR20-303A): PowerShell Script: ComRAT
Agent.BTZ
2020-10-28AccentureCyber Defense
@online{defense:20201028:turla:6f32714, author = {Cyber Defense}, title = {{Turla uses HyperStack, Carbon, and Kazuar to compromise government entity}}, date = {2020-10-28}, organization = {Accenture}, url = {https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity}, language = {English}, urldate = {2020-10-29} } Turla uses HyperStack, Carbon, and Kazuar to compromise government entity
Cobra Carbon System Kazuar TurlaRPC Turla SilentMoon
2020-09-25Github (sisoma2)Marc
@online{marc:20200925:turla:06db824, author = {Marc}, title = {{Turla Carbon System}}, date = {2020-09-25}, organization = {Github (sisoma2)}, url = {https://github.com/sisoma2/malware_analysis/tree/master/turla_carbon}, language = {English}, urldate = {2020-10-02} } Turla Carbon System
Cobra Carbon System
2020-09-11Twitter (@Arkbird_SOLG)Arkbird
@online{arkbird:20200911:discovery:99adb88, author = {Arkbird}, title = {{Tweet on discovery of a sample}}, date = {2020-09-11}, organization = {Twitter (@Arkbird_SOLG)}, url = {https://twitter.com/Arkbird_SOLG/status/1304187749373800455}, language = {English}, urldate = {2020-10-21} } Tweet on discovery of a sample
Turla SilentMoon
2020-09-10Kaspersky LabsGReAT
@online{great:20200910:overview:f751b73, author = {GReAT}, title = {{An overview of targeted attacks and APTs on Linux}}, date = {2020-09-10}, organization = {Kaspersky Labs}, url = {https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/}, language = {English}, urldate = {2020-10-05} } An overview of targeted attacks and APTs on Linux
Cloud Snooper Dacls DoubleFantasy MESSAGETAP Penquin Turla Tsunami elf.wellmess X-Agent
2020-09-01Möbius Strip Reverse EngineeringRolf Rolles
@online{rolles:20200901:exhaustivelyanalyzed:0a5410d, author = {Rolf Rolles}, title = {{An Exhaustively-Analyzed IDB for ComRAT v4}}, date = {2020-09-01}, organization = {Möbius Strip Reverse Engineering}, url = {https://www.msreverseengineering.com/blog/2020/8/31/an-exhaustively-analyzed-idb-for-comrat-v4}, language = {English}, urldate = {2020-09-01} } An Exhaustively-Analyzed IDB for ComRAT v4
Agent.BTZ
2020-07-29ESET Researchwelivesecurity
@techreport{welivesecurity:20200729:threat:496355c, author = {welivesecurity}, title = {{THREAT REPORT Q2 2020}}, date = {2020-07-29}, institution = {ESET Research}, url = {https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf}, language = {English}, urldate = {2020-07-30} } THREAT REPORT Q2 2020
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos Ransomware PlugX Pony REvil Socelars STOP Ransomware Tinba TrickBot WannaCryptor
2020-07-29Kaspersky LabsGReAT
@online{great:20200729:trends:6810325, author = {GReAT}, title = {{APT trends report Q2 2020}}, date = {2020-07-29}, organization = {Kaspersky Labs}, url = {https://securelist.com/apt-trends-report-q2-2020/97937/}, language = {English}, urldate = {2020-07-30} } APT trends report Q2 2020
PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel
2020-07-14TelsyTelsy
@online{telsy:20200714:turla:ef6592e, author = {Telsy}, title = {{Turla / Venomous Bear updates its arsenal: “NewPass” appears on the APT threat scene}}, date = {2020-07-14}, organization = {Telsy}, url = {https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/}, language = {English}, urldate = {2020-07-16} } Turla / Venomous Bear updates its arsenal: “NewPass” appears on the APT threat scene
NewPass Turla Group
2020-06-09Kaspersky LabsCostin Raiu
@online{raiu:20200609:looking:3038dce, author = {Costin Raiu}, title = {{Looking at Big Threats Using Code Similarity. Part 1}}, date = {2020-06-09}, organization = {Kaspersky Labs}, url = {https://securelist.com/big-threats-using-code-similarity-part-1/97239/}, language = {English}, urldate = {2020-08-18} } Looking at Big Threats Using Code Similarity. Part 1
Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel
2020-06-07Youtube (OPCDE)Silvio La Porta, Antonio Villani
@online{porta:20200607:penquin:cde32fc, author = {Silvio La Porta and Antonio Villani}, title = {{The Penquin is in da house}}, date = {2020-06-07}, organization = {Youtube (OPCDE)}, url = {https://www.youtube.com/watch?v=JXsjRUxx47E}, language = {English}, urldate = {2020-06-10} } The Penquin is in da house
Penquin Turla
2020-05-28EpicTurlaJuan Andrés Guerrero-Saade
@online{guerrerosaade:20200528:sysinturla:8cad820, author = {Juan Andrés Guerrero-Saade}, title = {{SysInTURLA}}, date = {2020-05-28}, organization = {EpicTurla}, url = {https://www.epicturla.com/blog/sysinturla}, language = {English}, urldate = {2020-05-29} } SysInTURLA
Kazuar
2020-05-26ESET ResearchMatthieu Faou
@techreport{faou:20200526:from:89e2854, author = {Matthieu Faou}, title = {{From Agent.BTZ to ComRAT v4: A ten‑year journey (White Paper)}}, date = {2020-05-26}, institution = {ESET Research}, url = {https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf}, language = {English}, urldate = {2020-05-27} } From Agent.BTZ to ComRAT v4: A ten‑year journey (White Paper)
Agent.BTZ
2020-05-26ESET ResearchMatthieu Faou
@online{faou:20200526:from:804e2da, author = {Matthieu Faou}, title = {{From Agent.BTZ to ComRAT v4: A ten‑year journey}}, date = {2020-05-26}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/}, language = {English}, urldate = {2020-05-27} } From Agent.BTZ to ComRAT v4: A ten‑year journey
Agent.BTZ
2020-05-21PICUS SecuritySüleyman Özarslan
@online{zarslan:20200521:t1055:4400f98, author = {Süleyman Özarslan}, title = {{T1055 Process Injection}}, date = {2020-05-21}, organization = {PICUS Security}, url = {https://www.picussecurity.com/blog/picus-10-critical-mitre-attck-techniques-t1055-process-injection}, language = {English}, urldate = {2020-06-03} } T1055 Process Injection
BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE
2020-05-14LeonardoLeonardo’s Cyber Security division
@techreport{division:20200514:malware:34fa46f, author = {Leonardo’s Cyber Security division}, title = {{Malware Technical Insight Turla "Penquin_x64"}}, date = {2020-05-14}, institution = {Leonardo}, url = {https://www.leonardocompany.com/documents/20142/10868623/Malware+Technical+Insight+_Turla+%E2%80%9CPenquin_x64%E2%80%9D.pdf}, language = {English}, urldate = {2020-05-14} } Malware Technical Insight Turla "Penquin_x64"
Penquin Turla
2020-04-07BlackberryBlackberry Research
@techreport{research:20200407:decade:6441e18, author = {Blackberry Research}, title = {{Decade of the RATS: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android}}, date = {2020-04-07}, institution = {Blackberry}, url = {https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-decade-of-the-rats.pdf}, language = {English}, urldate = {2020-08-10} } Decade of the RATS: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android
Penquin Turla XOR DDoS ZXShell
2020-03-12Recorded FutureInsikt Group
@online{group:20200312:swallowing:b1becb5, author = {Insikt Group}, title = {{Swallowing the Snake’s Tail: Tracking Turla Infrastructure}}, date = {2020-03-12}, organization = {Recorded Future}, url = {https://www.recordedfuture.com/turla-apt-infrastructure/}, language = {English}, urldate = {2020-03-13} } Swallowing the Snake’s Tail: Tracking Turla Infrastructure
Mosquito Sinowal
2020-03-12ESET ResearchMatthieu Faou
@online{faou:20200312:tracking:913d16e, author = {Matthieu Faou}, title = {{Tracking Turla: New backdoor delivered via Armenian watering holes}}, date = {2020-03-12}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2020/03/12/tracking-turla-new-backdoor-armenian-watering-holes/}, language = {English}, urldate = {2020-03-13} } Tracking Turla: New backdoor delivered via Armenian watering holes
LightNeuron Mosquito NetFlash Skipper
2020-03-04CrowdStrikeCrowdStrike
@techreport{crowdstrike:20200304:2020:818c85f, author = {CrowdStrike}, title = {{2020 CrowdStrike Global Threat Report}}, date = {2020-03-04}, institution = {CrowdStrike}, url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf}, language = {English}, urldate = {2020-07-24} } 2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER
2020-03-03PWC UKPWC UK
@techreport{uk:20200303:cyber:1f1eef0, author = {PWC UK}, title = {{Cyber Threats 2019:A Year in Retrospect}}, date = {2020-03-03}, institution = {PWC UK}, url = {https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf}, language = {English}, urldate = {2020-03-03} } Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare Axiom
2020-02-13QianxinQi Anxin Threat Intelligence Center
@techreport{center:20200213:report:146d333, author = {Qi Anxin Threat Intelligence Center}, title = {{APT Report 2019}}, date = {2020-02-13}, institution = {Qianxin}, url = {https://ti.qianxin.com/uploads/2020/02/13/cb78386a082f465f259b37dae5df4884.pdf}, language = {English}, urldate = {2020-02-27} } APT Report 2019
Chrysaor Exodus Dacls elf.vpnfilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy
2020SecureworksSecureWorks
@online{secureworks:2020:iron:de2007f, author = {SecureWorks}, title = {{IRON HUNTER}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/iron-hunter}, language = {English}, urldate = {2020-05-23} } IRON HUNTER
Agent.BTZ Cobra Carbon System LightNeuron Mosquito Nautilus Neuron Skipper Uroburos Turla Group
2019-10-21NCSC UKNCSC UK
@online{uk:20191021:advisory:8f9f0e8, author = {NCSC UK}, title = {{Advisory: Turla group exploits Iranian APT to expand coverage of victims}}, date = {2019-10-21}, organization = {NCSC UK}, url = {https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims}, language = {English}, urldate = {2020-01-06} } Advisory: Turla group exploits Iranian APT to expand coverage of victims
Nautilus Neuron
2019-08-12Kindred SecurityKindred Security
@online{security:20190812:overview:0726c0a, author = {Kindred Security}, title = {{An Overview of Public Platform C2’s}}, date = {2019-08-12}, organization = {Kindred Security}, url = {https://kindredsec.com/2019/08/12/an-overview-of-public-platform-c2s/}, language = {English}, urldate = {2020-01-08} } An Overview of Public Platform C2’s
HTML5 Encoding LOWBALL Makadocs MiniDuke RogueRobinNET RokRAT
2019-07-26Github (eset)ESET Research
@online{research:20190726:turla:d2b71c9, author = {ESET Research}, title = {{Turla Indicators of Compromise}}, date = {2019-07-26}, organization = {Github (eset)}, url = {https://github.com/eset/malware-ioc/tree/master/turla}, language = {English}, urldate = {2020-01-08} } Turla Indicators of Compromise
Gazer
2019-07-080ffset Blog0verfl0w_
@online{0verfl0w:20190708:analyzing:f246b28, author = {0verfl0w_}, title = {{Analyzing KSL0T (Turla’s Keylogger), Part 1 – Reupload}}, date = {2019-07-08}, organization = {0ffset Blog}, url = {https://0ffset.net/reverse-engineering/malware-analysis/analyzing-turlas-keylogger-1/}, language = {English}, urldate = {2020-01-06} } Analyzing KSL0T (Turla’s Keylogger), Part 1 – Reupload
KSL0T
2019-07-080ffset Blog0verfl0w_
@online{0verfl0w:20190708:analyzing:b984acf, author = {0verfl0w_}, title = {{Analyzing KSL0T (Turla’s Keylogger), Part 2 – Reupload}}, date = {2019-07-08}, organization = {0ffset Blog}, url = {https://0ffset.net/reverse-engineering/malware-analysis/analyzing-turlas-keylogger-2/}, language = {English}, urldate = {2020-01-10} } Analyzing KSL0T (Turla’s Keylogger), Part 2 – Reupload
KSL0T
2019-06-20SymantecSymantec DeepSight Adversary Intelligence Team, Symantec Network Protection Security Labs
@online{team:20190620:waterbug:9c50dd1, author = {Symantec DeepSight Adversary Intelligence Team and Symantec Network Protection Security Labs}, title = {{Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments}}, date = {2019-06-20}, organization = {Symantec}, url = {https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments}, language = {English}, urldate = {2020-01-13} } Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments
LightNeuron
2019-05-29ESET ResearchMatthieu Faou, Romain Dumont
@online{faou:20190529:dive:3afd32e, author = {Matthieu Faou and Romain Dumont}, title = {{A dive into Turla PowerShell usage}}, date = {2019-05-29}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/}, language = {English}, urldate = {2019-11-14} } A dive into Turla PowerShell usage
PowerShellRunner TurlaRPC
2019-05-19TelsyWebmaster
@online{webmaster:20190519:following:d15ba1c, author = {Webmaster}, title = {{Following the Turla’s Skipper over the ocean of cyber operations}}, date = {2019-05-19}, organization = {Telsy}, url = {https://blog.telsy.com/following-the-turlas-skipper-over-the-ocean-of-cyber-operations/}, language = {English}, urldate = {2020-01-08} } Following the Turla’s Skipper over the ocean of cyber operations
Skipper
2019-05-07ESET ResearchMatthieu Faou
@online{faou:20190507:turla:0300283, author = {Matthieu Faou}, title = {{Turla LightNeuron: An email too far}}, date = {2019-05-07}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2019/05/07/turla-lightneuron-email-too-far/}, language = {English}, urldate = {2019-11-14} } Turla LightNeuron: An email too far
LightNeuron
2019-05ESET ResearchMatthieu Faou
@techreport{faou:201905:turla:5a8a05f, author = {Matthieu Faou}, title = {{TURLA LIGHTNEURON: One email away from remote code execution}}, date = {2019-05}, institution = {ESET Research}, url = {https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf}, language = {English}, urldate = {2020-01-08} } TURLA LIGHTNEURON: One email away from remote code execution
LightNeuron
2019-04-19Github (hfiref0x)hfiref0x
@online{hfiref0x:20190419:tdl:31ca191, author = {hfiref0x}, title = {{TDL (Turla Driver Loader) Repository}}, date = {2019-04-19}, organization = {Github (hfiref0x)}, url = {https://github.com/hfiref0x/TDL}, language = {English}, urldate = {2020-01-08} } TDL (Turla Driver Loader) Repository
Cobra Carbon System
2019-04-13GitHubVitali Kremez
@online{kremez:20190413:decoded:c9b46a9, author = {Vitali Kremez}, title = {{Decoded Turla Powershell Implant}}, date = {2019-04-13}, organization = {GitHub}, url = {https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2019-04-13-Possible-Turla-PowerShell-Implant.ps1}, language = {English}, urldate = {2019-07-11} } Decoded Turla Powershell Implant
PowerShellRunner
2019-01-17Twitter (@VK_intel)Vitali Kremez
@online{kremez:20190117:turla:1eff5e6, author = {Vitali Kremez}, title = {{Tweet on Turla Outlook Backdoor}}, date = {2019-01-17}, organization = {Twitter (@VK_intel)}, url = {https://twitter.com/VK_Intel/status/1085820673811992576}, language = {English}, urldate = {2020-01-13} } Tweet on Turla Outlook Backdoor
Outlook Backdoor
2019MITREMITRE ATT&CK
@online{attck:2019:turla:6c3dec8, author = {MITRE ATT&CK}, title = {{Group description: Turla}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0010/}, language = {English}, urldate = {2019-12-20} } Group description: Turla
Turla Group
2019Council on Foreign RelationsCyber Operations Tracker
@online{tracker:2019:turla:84132fe, author = {Cyber Operations Tracker}, title = {{Turla}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/turla}, language = {English}, urldate = {2019-12-20} } Turla
Turla Group
2018-11-22nccgroupBen Humphrey
@online{humphrey:20181122:turla:de7f30a, author = {Ben Humphrey}, title = {{Turla PNG Dropper is back}}, date = {2018-11-22}, organization = {nccgroup}, url = {https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/}, language = {English}, urldate = {2019-11-21} } Turla PNG Dropper is back
Uroburos Turla Group
2018-10-05_
@online{:20181005:post:4890d7d, author = {_}, title = {{Post 0x17.2: Analyzing Turla’s Keylogger}}, date = {2018-10-05}, url = {https://0ffset.wordpress.com/2018/10/05/post-0x17-2-turla-keylogger/}, language = {English}, urldate = {2019-07-27} } Post 0x17.2: Analyzing Turla’s Keylogger
KSL0T
2018-10-04Kaspersky LabsGReAT
@online{great:20181004:shedding:5f22310, author = {GReAT}, title = {{Shedding Skin – Turla’s Fresh Faces}}, date = {2018-10-04}, organization = {Kaspersky Labs}, url = {https://securelist.com/shedding-skin-turlas-fresh-faces/88069/}, language = {English}, urldate = {2020-02-27} } Shedding Skin – Turla’s Fresh Faces
KopiLuwak Cobra Carbon System Gazer Mosquito Skipper
2018-09-10Youtube ( Monnappa K A)Monnappa K A
@online{a:20180910:turla:c92b687, author = {Monnappa K A}, title = {{turla gazer backdoor code injection & winlogon shell persistence}}, date = {2018-09-10}, organization = {Youtube ( Monnappa K A)}, url = {https://www.youtube.com/watch?v=Pvzhtjl86wc}, language = {English}, urldate = {2020-01-13} } turla gazer backdoor code injection & winlogon shell persistence
Gazer
2018-08-22ESET ResearchESET researchers
@techreport{researchers:20180822:turla:d444ef7, author = {ESET researchers}, title = {{Turla Outlook Backdoor}}, date = {2018-08-22}, institution = {ESET Research}, url = {https://www.welivesecurity.com/wp-content/uploads/2018/08/Eset-Turla-Outlook-Backdoor.pdf}, language = {English}, urldate = {2019-10-18} } Turla Outlook Backdoor
Outlook Backdoor
2018-08-22Bleeping ComputerIonut Ilascu
@online{ilascu:20180822:turla:b3753aa, author = {Ionut Ilascu}, title = {{Turla Outlook Backdoor Uses Clever Tactics for Stealth and Persistence}}, date = {2018-08-22}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/turla-outlook-backdoor-uses-clever-tactics-for-stealth-and-persistence/}, language = {English}, urldate = {2019-12-20} } Turla Outlook Backdoor Uses Clever Tactics for Stealth and Persistence
Turla Group
2018-07-10Kaspersky LabsGReAT
@online{great:20180710:trends:4651c7b, author = {GReAT}, title = {{APT Trends Report Q2 2018}}, date = {2018-07-10}, organization = {Kaspersky Labs}, url = {https://securelist.com/apt-trends-report-q2-2018/86487/}, language = {English}, urldate = {2019-12-20} } APT Trends Report Q2 2018
LightNeuron PoorWeb
2018-05-22ESET ResearchESET Research
@online{research:20180522:turla:358ccf7, author = {ESET Research}, title = {{Turla Mosquito: A shift towards more generic tools}}, date = {2018-05-22}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/}, language = {English}, urldate = {2019-11-14} } Turla Mosquito: A shift towards more generic tools
Mosquito Turla Group
2018-03Kaspersky LabsJuan Andrés Guerrero-Saade, Costin Raiu, Daniel Moore, Thomas Rid
@techreport{guerrerosaade:201803:penquins:1c6305e, author = {Juan Andrés Guerrero-Saade and Costin Raiu and Daniel Moore and Thomas Rid}, title = {{Penquin's Moonlit Maze}}, date = {2018-03}, institution = {Kaspersky Labs}, url = {https://securelist.com/files/2017/04/Penquins_Moonlit_Maze_PDF_eng.pdf}, language = {English}, urldate = {2019-11-25} } Penquin's Moonlit Maze
Penquin Turla
2018-03CrySyS LabBoldizsar Bencsath
@techreport{bencsath:201803:territorial:04343bb, author = {Boldizsar Bencsath}, title = {{Territorial Dispute – NSA’s perspective on APT landscape}}, date = {2018-03}, institution = {CrySyS Lab}, url = {https://www.crysys.hu/publications/files/tedi/ukatemicrysys_territorialdispute.pdf}, language = {English}, urldate = {2020-05-07} } Territorial Dispute – NSA’s perspective on APT landscape
9002 RAT Agent.BTZ DuQu EYService Flame FlowerShop Stuxnet Uroburos
2018-01-22ZDNetDanny Palmer
@online{palmer:20180122:this:cce88e0, author = {Danny Palmer}, title = {{This hacking gang just updated the malware it uses against UK targets}}, date = {2018-01-22}, organization = {ZDNet}, url = {https://www.zdnet.com/article/this-hacking-gang-just-updated-the-malware-it-uses-against-uk-targets/}, language = {English}, urldate = {2020-01-13} } This hacking gang just updated the malware it uses against UK targets
Turla Group
2018-01-17NCSC UKNCSC UK
@online{uk:20180117:turla:7563012, author = {NCSC UK}, title = {{Turla group malware}}, date = {2018-01-17}, organization = {NCSC UK}, url = {https://www.ncsc.gov.uk/alerts/turla-group-malware}, language = {English}, urldate = {2020-01-06} } Turla group malware
Nautilus Neuron
2018-01ESET ResearchEset
@techreport{eset:201801:diplomats:89688b4, author = {Eset}, title = {{Diplomats in Eastern Europe bitten by a Turla mosquito}}, date = {2018-01}, institution = {ESET Research}, url = {https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf}, language = {English}, urldate = {2020-01-08} } Diplomats in Eastern Europe bitten by a Turla mosquito
Mosquito
2017-12-24Twitter (@juanandres_gs)Juan Andrés Guerrero-Saade
@online{guerrerosaade:20171224:turla:dd95598, author = {Juan Andrés Guerrero-Saade}, title = {{Tweet on Turla Penquin}}, date = {2017-12-24}, organization = {Twitter (@juanandres_gs)}, url = {https://twitter.com/juanandres_gs/status/944741575837528064}, language = {English}, urldate = {2020-01-06} } Tweet on Turla Penquin
Penquin Turla
2017-10-04Twitter (@JohnLaTwC)John Lambert
@online{lambert:20171004:turla:904593f, author = {John Lambert}, title = {{Tweet on Turla JS backdoor}}, date = {2017-10-04}, organization = {Twitter (@JohnLaTwC)}, url = {https://twitter.com/JohnLaTwC/status/915590893155098629}, language = {English}, urldate = {2019-10-23} } Tweet on Turla JS backdoor
Maintools.js
2017-09-13IntezerOmri Ben Bassat
@online{bassat:20170913:new:376f00f, author = {Omri Ben Bassat}, title = {{New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 2/2}}, date = {2017-09-13}, organization = {Intezer}, url = {http://www.intezer.com/new-variants-of-agent-btz-comrat-found-part-2/}, language = {English}, urldate = {2019-12-24} } New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 2/2
Agent.BTZ
2017-08-30ESET ResearchGraham Cluley
@online{cluley:20170830:new:c821389, author = {Graham Cluley}, title = {{New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies}}, date = {2017-08-30}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2017/08/30/eset-research-cyberespionage-gazer/}, language = {English}, urldate = {2019-11-14} } New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies
Gazer
2017-08-30Kaspersky LabsGReAT
@online{great:20170830:introducing:80a9653, author = {GReAT}, title = {{Introducing WhiteBear}}, date = {2017-08-30}, organization = {Kaspersky Labs}, url = {https://securelist.com/introducing-whitebear/81638/}, language = {English}, urldate = {2019-12-20} } Introducing WhiteBear
Gazer Turla Group White Bear
2017-08-21Trend MicroTrend Micro
@online{micro:20170821:cyberespionage:db82222, author = {Trend Micro}, title = {{Cyberespionage Group Turla Deploys Backdoor Ahead of G20 Task Force Summit}}, date = {2017-08-21}, organization = {Trend Micro}, url = {https://www.trendmicro.com/vinfo/vn/security/news/cyber-attacks/cyberespionage-group-turla-deploys-backdoor-ahead-of-g20-summit}, language = {English}, urldate = {2019-11-29} } Cyberespionage Group Turla Deploys Backdoor Ahead of G20 Task Force Summit
Turla Group
2017-08-18vmwareJared Myers
@online{myers:20170818:threat:6ee2607, author = {Jared Myers}, title = {{Threat Analysis: Carbon Black Threat Research Dissects PNG Dropper}}, date = {2017-08-18}, organization = {vmware}, url = {https://www.carbonblack.com/2017/08/18/threat-analysis-carbon-black-threat-research-dissects-png-dropper/}, language = {English}, urldate = {2020-01-09} } Threat Analysis: Carbon Black Threat Research Dissects PNG Dropper
Uroburos
2017-08-17ProofpointDarien Huss
@online{huss:20170817:turla:b519667, author = {Darien Huss}, title = {{Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack}}, date = {2017-08-17}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack}, language = {English}, urldate = {2019-12-20} } Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack
KopiLuwak
2017-08-07IntezerOmri Ben Bassat
@online{bassat:20170807:new:d776333, author = {Omri Ben Bassat}, title = {{New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 1/2}}, date = {2017-08-07}, organization = {Intezer}, url = {http://www.intezer.com/new-variants-of-agent-btz-comrat-found/}, language = {English}, urldate = {2019-12-17} } New Variants of Agent.BTZ/ComRAT Found: The Threat That Hit The Pentagon In 2008 Still Evolving; Part 1/2
Agent.BTZ
2017-08ESET ResearchGazing at Gazer, Turla’s new second stage backdoor
@techreport{gazer:201708:gazing:b454362, author = {Gazing at Gazer and Turla’s new second stage backdoor}, title = {{Gazing at Gazer Turla’s new second stage backdoor}}, date = {2017-08}, institution = {ESET Research}, url = {https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf}, language = {English}, urldate = {2020-01-08} } Gazing at Gazer Turla’s new second stage backdoor
Turla Group
2017-06-07engadgetMallory Locklear
@online{locklear:20170607:russian:65a8aed, author = {Mallory Locklear}, title = {{Russian malware link hid in a comment on Britney Spears' Instagram}}, date = {2017-06-07}, organization = {engadget}, url = {https://www.engadget.com/2017/06/07/russian-malware-hidden-britney-spears-instagram/}, language = {English}, urldate = {2020-01-08} } Russian malware link hid in a comment on Britney Spears' Instagram
Turla Group
2017-06-06ESET ResearchJean-Ian Boutin
@online{boutin:20170606:turlas:f9b4935, author = {Jean-Ian Boutin}, title = {{Turla’s watering hole campaign: An updated Firefox extension abusing Instagram}}, date = {2017-06-06}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/}, language = {English}, urldate = {2019-11-14} } Turla’s watering hole campaign: An updated Firefox extension abusing Instagram
HTML5 Encoding Skipper
2017-05-05MalwarebytesThomas Reed
@online{reed:20170505:snake:01961aa, author = {Thomas Reed}, title = {{Snake malware ported from Windows to Mac}}, date = {2017-05-05}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2017/05/snake-malware-ported-windows-mac/}, language = {English}, urldate = {2019-12-20} } Snake malware ported from Windows to Mac
Uroburos
2017-05-03Palo Alto Networks Unit 42Brandon Levene, Robert Falcone, Tyler Halfpop
@online{levene:20170503:kazuar:84e99e2, author = {Brandon Levene and Robert Falcone and Tyler Halfpop}, title = {{Kazuar: Multiplatform Espionage Backdoor with API Access}}, date = {2017-05-03}, organization = {Palo Alto Networks Unit 42}, url = {http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-access/}, language = {English}, urldate = {2019-12-20} } Kazuar: Multiplatform Espionage Backdoor with API Access
Kazuar
2017-05-03Palo Alto Networks Unit 42Brandon Levene, Robert Falcone, Tyler Halfpop
@online{levene:20170503:kazuar:b869345, author = {Brandon Levene and Robert Falcone and Tyler Halfpop}, title = {{Kazuar: Multiplatform Espionage Backdoor with API Access}}, date = {2017-05-03}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/unit42-kazuar-multiplatform-espionage-backdoor-api-access/}, language = {English}, urldate = {2020-01-09} } Kazuar: Multiplatform Espionage Backdoor with API Access
Turla Group
2017-05-03Fox-ITJelle Vergeer, Krijn de Mik, Mitchel Sahertian, Maarten van Dantzig, Yun Zheng Hu
@online{vergeer:20170503:snake:2987af1, author = {Jelle Vergeer and Krijn de Mik and Mitchel Sahertian and Maarten van Dantzig and Yun Zheng Hu}, title = {{Snake: Coming soon in Mac OS X flavour}}, date = {2017-05-03}, organization = {Fox-IT}, url = {https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/}, language = {English}, urldate = {2019-12-17} } Snake: Coming soon in Mac OS X flavour
Uroburos
2017-04-03Kaspersky LabsCostin Raiu, Daniel Moore, Juan Andrés Guerrero-Saade, Thomas Rid
@techreport{raiu:20170403:moonlight:99d2089, author = {Costin Raiu and Daniel Moore and Juan Andrés Guerrero-Saade and Thomas Rid}, title = {{Moonlight Maze Technical Report (Appendix B)}}, date = {2017-04-03}, institution = {Kaspersky Labs}, url = {https://securelist.com/files/2017/04/Penquins_Moonlit_Maze_AppendixB.pdf}, language = {English}, urldate = {2019-11-29} } Moonlight Maze Technical Report (Appendix B)
Penquin Turla
2017-04-03Kaspersky LabsNikolay Pankov
@online{pankov:20170403:moonlight:6ce6041, author = {Nikolay Pankov}, title = {{Moonlight Maze: Lessons from history}}, date = {2017-04-03}, organization = {Kaspersky Labs}, url = {https://www.kaspersky.com/blog/moonlight-maze-the-lessons/6713/}, language = {English}, urldate = {2020-01-09} } Moonlight Maze: Lessons from history
Turla Group
2017-03-30ESET ResearchESET Research
@online{research:20170330:carbon:928505a, author = {ESET Research}, title = {{Carbon Paper: Peering into Turla’s second stage backdoor}}, date = {2017-03-30}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/}, language = {English}, urldate = {2019-11-14} } Carbon Paper: Peering into Turla’s second stage backdoor
Cobra Carbon System Turla Group
2017-02-02Kaspersky LabsBrian Bartholomew
@online{bartholomew:20170202:kopiluwak:d5c0245, author = {Brian Bartholomew}, title = {{KopiLuwak: A New JavaScript Payload from Turla}}, date = {2017-02-02}, organization = {Kaspersky Labs}, url = {https://securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payload-from-turla/}, language = {English}, urldate = {2019-12-20} } KopiLuwak: A New JavaScript Payload from Turla
KopiLuwak
2016-09-07Virus BulletinBrian Bartholomew, Juan Andrés Guerrero-Saade
@techreport{bartholomew:20160907:wave:96e9f50, author = {Brian Bartholomew and Juan Andrés Guerrero-Saade}, title = {{Wave Your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks}}, date = {2016-09-07}, institution = {Virus Bulletin}, url = {https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/10/20114955/Bartholomew-GuerreroSaade-VB2016.pdf}, language = {English}, urldate = {2020-03-13} } Wave Your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks
DuQu JripBot Sinowal Stuxnet Wipbot
2016-06-30BitdefenderBitdefender
@techreport{bitdefender:20160630:pacifier:642af11, author = {Bitdefender}, title = {{Pacifier APT}}, date = {2016-06-30}, institution = {Bitdefender}, url = {https://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf}, language = {English}, urldate = {2020-01-08} } Pacifier APT
Gazer Turla Group
2016-06-30BitdefenderBitdefender
@techreport{bitdefender:20160630:pacifier:2b7078c, author = {Bitdefender}, title = {{Pacifier APT}}, date = {2016-06-30}, institution = {Bitdefender}, url = {http://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf}, language = {English}, urldate = {2020-01-13} } Pacifier APT
Turla Group
2016-06-30BitdefenderBitdefender
@techreport{bitdefender:20160630:pacifier:cbcb081, author = {Bitdefender}, title = {{Pacifier APT}}, date = {2016-06-30}, institution = {Bitdefender}, url = {https://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender-Whitepaper-PAC-A4-en_EN1.pdf}, language = {English}, urldate = {2020-01-09} } Pacifier APT
Skipper
2016-05-23MELANI GovCERTGovCERT.ch
@techreport{govcertch:20160523:case:b6612e9, author = {GovCERT.ch}, title = {{APT Case RUAG - Technical Report}}, date = {2016-05-23}, institution = {MELANI GovCERT}, url = {https://www.melani.admin.ch/dam/melani/de/dokumente/2016/technical%20report%20ruag.pdf.download.pdf/Report_Ruag-Espionage-Case.pdf}, language = {English}, urldate = {2019-12-17} } APT Case RUAG - Technical Report
Cobra Carbon System
2016-05-23Reporting and Analysis Centre for Information Assurance MELANISpecialist Staff
@online{staff:20160523:technical:07ea0f3, author = {Specialist Staff}, title = {{Technical Report about the Malware used in the Cyberespionage against RUAG}}, date = {2016-05-23}, organization = {Reporting and Analysis Centre for Information Assurance MELANI}, url = {https://www.melani.admin.ch/melani/en/home/dokumentation/reports/technical-reports/technical-report_apt_case_ruag.html}, language = {English}, urldate = {2020-01-05} } Technical Report about the Malware used in the Cyberespionage against RUAG
Turla Group
2016-01-14SymantecSecurity Response
@techreport{response:20160114:waterbug:9dbc59e, author = {Security Response}, title = {{The Waterbug attack group}}, date = {2016-01-14}, institution = {Symantec}, url = {https://www-west.symantec.com/content/dam/symantec/docs/security-center/white-papers/waterbug-attack-group-16-en.pdf}, language = {English}, urldate = {2020-04-21} } The Waterbug attack group
Agent.BTZ Cobra Carbon System Wipbot Turla Group
2016-01-14SymantecSecurity Response
@techreport{response:20160114:waterbug:51a4dbd, author = {Security Response}, title = {{The Waterbug attack group}}, date = {2016-01-14}, institution = {Symantec}, url = {https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf}, language = {English}, urldate = {2020-01-09} } The Waterbug attack group
Agent.BTZ Wipbot Turla Group
2016-01-13Yie
@online{yie:20160113:russian:1a011c6, author = {Yie}, title = {{Russian group behind 2013 Foreign Ministry hack}}, date = {2016-01-13}, url = {https://yle.fi/uutiset/osasto/news/russian_group_behind_2013_foreign_ministry_hack/8591548}, language = {English}, urldate = {2019-11-22} } Russian group behind 2013 Foreign Ministry hack
Turla Group
2015-11FireEyeFireEye
@techreport{fireeye:201511:pinpointing:03765ec, author = {FireEye}, title = {{PINPOINTING TARGETS: Exploiting Web Analytics to Ensnare Victims}}, date = {2015-11}, institution = {FireEye}, url = {https://www2.fireeye.com/rs/848-DID-242/images/rpt-witchcoven.pdf}, language = {English}, urldate = {2020-01-08} } PINPOINTING TARGETS: Exploiting Web Analytics to Ensnare Victims
witchcoven Turla Group
2015-09-09Kaspersky LabsStefan Tanase
@online{tanase:20150909:satellite:7f8b3ed, author = {Stefan Tanase}, title = {{Satellite Turla: APT Command and Control in the Sky}}, date = {2015-09-09}, organization = {Kaspersky Labs}, url = {https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/}, language = {English}, urldate = {2019-12-20} } Satellite Turla: APT Command and Control in the Sky
Turla Group
2015-09-09Kaspersky LabsStefan Tanase
@online{tanase:20150909:satellite:b8728d5, author = {Stefan Tanase}, title = {{Satellite Turla: APT Command and Control in the Sky}}, date = {2015-09-09}, organization = {Kaspersky Labs}, url = {https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081/}, language = {English}, urldate = {2019-12-20} } Satellite Turla: APT Command and Control in the Sky
Satellite Turla Turla Group
2015-02-11FIRST TbilisiAndrzej Dereszowski
@techreport{dereszowski:20150211:turladevelopment:98e2483, author = {Andrzej Dereszowski}, title = {{Turla-development & operations}}, date = {2015-02-11}, institution = {FIRST Tbilisi}, url = {https://www.first.org/resources/papers/tbilisi2014/turla-operations_and_development.pdf}, language = {English}, urldate = {2020-01-06} } Turla-development & operations
Turla Group
2015-01-20G DataG Data
@online{data:20150120:analysis:2fe6cf2, author = {G Data}, title = {{Analysis of Project Cobra}}, date = {2015-01-20}, organization = {G Data}, url = {https://blog.gdatasoftware.com/2015/01/23926-analysis-of-project-cobra}, language = {English}, urldate = {2020-01-05} } Analysis of Project Cobra
Cobra Carbon System
2015-01-15G DataG Data
@online{data:20150115:weiterentwicklung:a65efbe, author = {G Data}, title = {{Weiterentwicklung anspruchsvoller Spyware: von Agent.BTZ zu ComRAT}}, date = {2015-01-15}, organization = {G Data}, url = {https://blog.gdata.de/2015/01/23779-weiterentwicklung-anspruchsvoller-spyware-von-agent-btz-zu-comrat}, language = {English}, urldate = {2020-01-08} } Weiterentwicklung anspruchsvoller Spyware: von Agent.BTZ zu ComRAT
Agent.BTZ
2015BitdefenderCristian Istrate, Andrei Ardelean, Claudiu Cobliș, Marius Tivadar
@techreport{istrate:2015:new:254e212, author = {Cristian Istrate and Andrei Ardelean and Claudiu Cobliș and Marius Tivadar}, title = {{New Pacifier APT Components Point to Russian-Linked Turla Group}}, date = {2015}, institution = {Bitdefender}, url = {https://pdfhost.io/v/F0@QElMu2_MacProStorage_2017FinalBitdefenderWhitepaperNetrepserA4en_ENBitdefenderWhitepaperNetrepserA4en_ENindd.pdf}, language = {English}, urldate = {2020-01-08} } New Pacifier APT Components Point to Russian-Linked Turla Group
Skipper
2014-12-09ThreatpostMichael Mimoso
@online{mimoso:20141209:linux:67f8948, author = {Michael Mimoso}, title = {{Linux Modules Connected to Turla APT Discovered}}, date = {2014-12-09}, organization = {Threatpost}, url = {https://threatpost.com/linux-modules-connected-to-turla-apt-discovered/109765/}, language = {English}, urldate = {2019-11-26} } Linux Modules Connected to Turla APT Discovered
Turla Group
2014-12-08Kaspersky LabsKurt Baumgartner, Costin Raiu
@online{baumgartner:20141208:penquin:afd9ae5, author = {Kurt Baumgartner and Costin Raiu}, title = {{The ‘Penquin’ Turla}}, date = {2014-12-08}, organization = {Kaspersky Labs}, url = {https://securelist.com/blog/research/67962/the-penquin-turla-2/}, language = {English}, urldate = {2019-12-20} } The ‘Penquin’ Turla
Turla Group
2014-11-11G DataG Data
@online{data:20141111:uroburos:8dce097, author = {G Data}, title = {{The Uroburos case: new sophisticated RAT identified}}, date = {2014-11-11}, organization = {G Data}, url = {https://www.gdatasoftware.com/blog/2014/11/23937-the-uroburos-case-new-sophisticated-rat-identified}, language = {English}, urldate = {2020-01-08} } The Uroburos case: new sophisticated RAT identified
Agent.BTZ Uroburos
2014-08-07Kaspersky LabsGReAT
@online{great:20140807:epic:f8b0803, author = {GReAT}, title = {{The Epic Turla Operation}}, date = {2014-08-07}, organization = {Kaspersky Labs}, url = {https://securelist.com/analysis/publications/65545/the-epic-turla-operation/}, language = {English}, urldate = {2019-12-20} } The Epic Turla Operation
Cobra Carbon System Turla Group
2014-08-07Kaspersky LabsGReAT
@online{great:20140807:epic:ba080b6, author = {GReAT}, title = {{The Epic Turla Operation}}, date = {2014-08-07}, organization = {Kaspersky Labs}, url = {https://securelist.com/the-epic-turla-operation/65545/}, language = {English}, urldate = {2019-12-20} } The Epic Turla Operation
Turla Group
2014-08-07The GuardianTom Brewster
@online{brewster:20140807:sophisticated:5f484c8, author = {Tom Brewster}, title = {{Sophisticated 'Turla' hackers spying on European governments, say researchers}}, date = {2014-08-07}, organization = {The Guardian}, url = {https://www.theguardian.com/technology/2014/aug/07/turla-hackers-spying-governments-researcher-kaspersky-symantec}, language = {English}, urldate = {2020-01-05} } Sophisticated 'Turla' hackers spying on European governments, say researchers
Turla Group
2014-06-02G DataG Data
@online{data:20140602:analysis:1038a5f, author = {G Data}, title = {{Analysis of Uroburos, using WinDbg}}, date = {2014-06-02}, organization = {G Data}, url = {https://www.gdatasoftware.com/blog/2014/06/23953-analysis-of-uroburos-using-windbg}, language = {English}, urldate = {2020-01-09} } Analysis of Uroburos, using WinDbg
Uroburos
2014-05-13G DataG Data
@online{data:20140513:uroburos:a8b1175, author = {G Data}, title = {{Uroburos rootkit: Belgian Foreign Ministry stricken}}, date = {2014-05-13}, organization = {G Data}, url = {https://www.gdatasoftware.com/blog/2014/05/23958-uroburos-rootkit-belgian-foreign-ministry-stricken}, language = {English}, urldate = {2019-10-27} } Uroburos rootkit: Belgian Foreign Ministry stricken
Uroburos
2014-03-12Kaspersky LabsAlexander Gostev
@online{gostev:20140312:agentbtz:8f1988f, author = {Alexander Gostev}, title = {{Agent.btz: a Source of Inspiration?}}, date = {2014-03-12}, organization = {Kaspersky Labs}, url = {https://securelist.com/blog/virus-watch/58551/agent-btz-a-source-of-inspiration/}, language = {English}, urldate = {2019-12-20} } Agent.btz: a Source of Inspiration?
Agent.BTZ
2014-03-07G DataG Data
@online{data:20140307:uroburos:22ddc69, author = {G Data}, title = {{Uroburos – Deeper travel into kernel protection mitigation}}, date = {2014-03-07}, organization = {G Data}, url = {https://www.gdatasoftware.com/blog/2014/03/23966-uroburos-deeper-travel-into-kernel-protection-mitigation}, language = {English}, urldate = {2019-11-23} } Uroburos – Deeper travel into kernel protection mitigation
Uroburos
2014-02-28G Data BlogG Data
@online{data:20140228:uroburos:f6fdb48, author = {G Data}, title = {{Uroburos - highly complex espionage software with Russian roots}}, date = {2014-02-28}, organization = {G Data Blog}, url = {https://www.gdatasoftware.com/blog/2014/02/23968-uroburos-highly-complex-espionage-software-with-russian-roots}, language = {English}, urldate = {2019-11-28} } Uroburos - highly complex espionage software with Russian roots
Uroburos
2014circl.luCIRCL
@online{circl:2014:tr25:97f9b0e, author = {CIRCL}, title = {{TR-25 Analysis - Turla / Pfinet / Snake/ Uroburos}}, date = {2014}, organization = {circl.lu}, url = {https://www.circl.lu/pub/tr-25/}, language = {English}, urldate = {2020-07-01} } TR-25 Analysis - Turla / Pfinet / Snake/ Uroburos
Cobra Carbon System Uroburos Turla Group
2010-08-25The New York TimesBrian Knowlton
@online{knowlton:20100825:military:dc8aa06, author = {Brian Knowlton}, title = {{Military Computer Attack Confirmed}}, date = {2010-08-25}, organization = {The New York Times}, url = {https://www.nytimes.com/2010/08/26/technology/26cyber.html}, language = {English}, urldate = {2019-11-29} } Military Computer Attack Confirmed
Turla Group
2008-11-30ThreatExpertSergei Shevchenko
@online{shevchenko:20081130:agentbtz:8c68643, author = {Sergei Shevchenko}, title = {{Agent.btz - A Threat That Hit Pentagon}}, date = {2008-11-30}, organization = {ThreatExpert}, url = {http://blog.threatexpert.com/2008/11/agentbtz-threat-that-hit-pentagon.html}, language = {English}, urldate = {2020-01-08} } Agent.btz - A Threat That Hit Pentagon
Agent.BTZ

Credits: MISP Project