ID | Votes | Profile Description |
---|---|---|
Snake | 3 | Snake, also known as EKANS, is a significant threat actor that has been active since at least 2004, with its activities potentially dating back to the late 1990s. This group, which may have ties to Iran, targets diplomatic and government organizations as well as private businesses across various reg |
Agent.btz | 3 | Agent.btz, also known as ComRAT v4, is a remote access trojan (RAT) developed using C++ and employing a virtual FAT16 file system. This malicious software was one of the earliest backdoors used by Pensive Ursa, a cyber-espionage group. Notably, the malware is frequently used to exfiltrate sensitive |
Comrat V4 | 3 | ComRAT v4, also known as Agent.BTZ, is a sophisticated malware developed using C++ and employing a virtual FAT16 file system. This malicious software is a Remote Access Trojan (RAT) primarily used by the Turla group, a cyber-espionage entity. The primary function of ComRAT v4 is to exfiltrate sensit |
HyperStack | 1 | HyperStack, also known as SilentMoo or BigBoss, is a Remote Procedure Call (RPC) backdoor malware that was first observed in 2018. It has been utilized in operations targeting European government entities and is linked to the Russian-based threat group Pensive Ursa, which has been operational since |
KOPILUWAK | 1 | KopiLuwak is a JavaScript-based malware used for command and control (C2) communications and victim profiling. It was initially dropped by Pensive Ursa using an MSIL dropper in a G20-themed attack in 2017, and later as a self-extracting archive (SFX) executable in late 2022. Upon execution, the SFX |
TinyTurla | 1 | TinyTurla is a sophisticated malware linked to the Russia-sponsored threat actor, Turla APT. This malicious software has been utilized in a targeted campaign against Polish Non-Governmental Organizations (NGOs), particularly those with connections to supporting Ukraine. TinyTurla operates as a backd |
Capibar | 1 | Capibar, a new malware identified as part of the arsenal of the Russian-based threat group Turla (also known as Pensive Ursa, Uroburos, or Snake), has been used in recent cyberattacks. This group, linked to the Russian Federal Security Service (FSB) and active since at least 2004, has deployed Capib |
ID | Type | Votes | Profile Description |
---|---|---|---|
Uroburos | Unspecified | 2 | Uroburos, also known as Snake, Turla, Pensive Ursa, and Venomous Bear, is a sophisticated malware linked to the Russian Federal Security Service (FSB). The development of this malicious software began in late 2003, with its operations traced back to at least 2004. Uroburos is part of a broader arsen |
Chinch | Unspecified | 2 | None |
Mosquito | Unspecified | 2 | The "Mosquito" malware is a harmful software designed to exploit and damage computer systems or devices. It operates covertly, infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it has the capability to steal personal information, disr |
Gazer | Unspecified | 1 | Gazer is a second-stage backdoor malware written in C++ that was unveiled by Turla in August. It was discovered to have been deployed through watering-hole attacks and spear-phishing campaigns, enabling more precise targeting of victims. The malware is attributed to Pensive Ursa due to strong simila |
Kazuar | Unspecified | 1 | Kazuar is a sophisticated multiplatform trojan horse malware, linked to the Russian-based threat group Turla (also known as Pensive Ursa, Uroburos, Snake), which has been operating since at least 2004. This group, believed to be connected to the Russian Federal Security Service (FSB), utilizes an ar |
ID | Type | Votes | Profile Description |
---|---|---|---|
Turla | Unspecified | 5 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
Pensive | Unspecified | 1 | Pensive Ursa, also known as Turla or Uroburos, is a Russian-based threat group that has been active since at least 2004 and is linked to the Russian Federal Security Service (FSB). The group employs advanced and stealthy tools like Kazuar, a .NET backdoor used as a second stage payload. In 2023, Pen |
Turla’s | Unspecified | 1 | None |
Waterbug | Unspecified | 1 | Waterbug, also known as Turla, Venomous Bear, and other aliases, is a cyberespionage group closely affiliated with the FSB Russian intelligence agency. This threat actor has been active since at least 2004, targeting government entities, intelligence agencies, educational institutions, research faci |
Pensive Ursa | Unspecified | 1 | Pensive Ursa, also known as Turla, Uroburos, Venomous Bear, and Waterbug, is a Russian-based advanced persistent threat (APT) group that has been operating since at least 2004. The group, linked to the Russian Federal Security Service (FSB), is renowned for its sophisticated cyber-espionage activiti |
ID | Type | Votes | Profile Description |
---|---|---|---|
No associations to display |
Source | CreatedAt | Title |
---|---|---|
DARKReading | 9 months ago | Upgraded Kazuar Backdoor Offers Stealthy Power |
Trend Micro | 10 months ago | Examining the Activities of the Turla APT Group |
Unit42 | 10 months ago | Threat Group Assessment: Turla (aka Pensive Ursa) |
CERT-EU | a year ago | Russia’s 'Turla' Group – A Formidable Cyberespionage Adversary |
BankInfoSecurity | a year ago | Russian Hackers Probe Ukrainian Defense Sector With Backdoor |
CERT-EU | a year ago | Matthieu Faou | WeLiveSecurity |
MITRE | a year ago | A dive into Turla PowerShell usage | WeLiveSecurity |
MITRE | a year ago | Shedding Skin - Turla’s Fresh Faces | Securelist |
MITRE | a year ago | IronNetInjector: Turla’s New Malware Loading Tool |
CERT-EU | a year ago | Kaspersky Analyzes Links Between Russian State-Sponsored APTs |
CISA | a year ago | Hunting Russian Intelligence “Snake” Malware | CISA |
CERT-EU | a year ago | Hunting Russian Intelligence “Snake” Malware - KizzMyAnthia.com |