ID | Votes | Profile Description |
---|---|---|
Snake | 1 | Snake, also known as EKANS, is a significant threat actor that has been active since at least 2004, with its activities potentially dating back to the late 1990s. This group, which may have ties to Iran, targets diplomatic and government organizations as well as private businesses across various reg |
ID | Type | Votes | Profile Description |
---|---|---|---|
Gazer | Unspecified | 1 | Gazer is a second-stage backdoor malware written in C++ that was unveiled by Turla in August. It was discovered to have been deployed through watering-hole attacks and spear-phishing campaigns, enabling more precise targeting of victims. The malware is attributed to Pensive Ursa due to strong simila |
FatDuke | Unspecified | 1 | FatDuke is a sophisticated malware that was first detected in 2013 and primarily targets government entities, defense contractors, and research institutions. The malware is known to be spread through spear-phishing attacks and has been linked to a group of hackers called APT29 or Cozy Bear. Once ins |
Kazuar | Unspecified | 1 | Kazuar is a sophisticated multiplatform trojan horse malware, linked to the Russian-based threat group Turla (also known as Pensive Ursa, Uroburos, Snake), which has been operating since at least 2004. This group, believed to be connected to the Russian Federal Security Service (FSB), utilizes an ar |
TinyTurla | Unspecified | 1 | TinyTurla is a sophisticated malware linked to the Russia-sponsored threat actor, Turla APT. This malicious software has been utilized in a targeted campaign against Polish Non-Governmental Organizations (NGOs), particularly those with connections to supporting Ukraine. TinyTurla operates as a backd |
Capibar | Unspecified | 1 | Capibar, a new malware identified as part of the arsenal of the Russian-based threat group Turla (also known as Pensive Ursa, Uroburos, or Snake), has been used in recent cyberattacks. This group, linked to the Russian Federal Security Service (FSB) and active since at least 2004, has deployed Capib |
HyperStack | Unspecified | 1 | HyperStack, also known as SilentMoo or BigBoss, is a Remote Procedure Call (RPC) backdoor malware that was first observed in 2018. It has been utilized in operations targeting European government entities and is linked to the Russian-based threat group Pensive Ursa, which has been operational since |
Uroburos | Unspecified | 1 | Uroburos, also known as Snake, Turla, Pensive Ursa, and Venomous Bear, is a sophisticated malware linked to the Russian Federal Security Service (FSB). The development of this malicious software began in late 2003, with its operations traced back to at least 2004. Uroburos is part of a broader arsen |
KOPILUWAK | Unspecified | 1 | KopiLuwak is a JavaScript-based malware used for command and control (C2) communications and victim profiling. It was initially dropped by Pensive Ursa using an MSIL dropper in a G20-themed attack in 2017, and later as a self-extracting archive (SFX) executable in late 2022. Upon execution, the SFX |
ID | Type | Votes | Profile Description |
---|---|---|---|
Turla | Unspecified | 4 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
WhiteBear | Unspecified | 1 | WhiteBear is a threat actor that has been associated with the Turla group, also known as Snake, Venomous Bear, Uroburos, and WhiteBear. This association was established through strong links identified between a Crutch dropper from 2016 and Gazer, a second-stage backdoor used by Turla in 2016-2017. W |
Pensive Ursa | Unspecified | 1 | Pensive Ursa, also known as Turla, Uroburos, Venomous Bear, and Waterbug, is a Russian-based advanced persistent threat (APT) group that has been operating since at least 2004. The group, linked to the Russian Federal Security Service (FSB), is renowned for its sophisticated cyber-espionage activiti |
Turla Group | Unspecified | 1 | The Turla group, also known as Pensive Ursa, Krypton, Secret Blizzard, Venomous Bear, or Uroburos, is a notable threat actor that has been linked to the Russian Federal Security Service (FSB). With a history dating back to 2004, this group operates in painstaking stages, first conducting reconnaissa |
ID | Type | Votes | Profile Description |
---|---|---|---|
No associations to display |
Source | CreatedAt | Title |
---|---|---|
Trend Micro | 10 months ago | Examining the Activities of the Turla APT Group |
Unit42 | 10 months ago | Threat Group Assessment: Turla (aka Pensive Ursa) |
CERT-EU | a year ago | Matthieu Faou | WeLiveSecurity |
MITRE | a year ago | TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines |
MITRE | a year ago | Turla Crutch: Keeping the “back door” open | WeLiveSecurity |