| ID | Votes | Profile Description |
|---|---|---|
| Topinambour | 2 | Topinambour is a malicious software (malware) that has been linked to the hacking group Turla, as reported by Kaspersky and Securelist. This malware, identified by SHA-256 29314f3cd73b81eda7bd90c66f659235e6bb900e499c9cc7057d10a9083a0b94, is known for its ability to exploit and damage computers or de |
| Tunnussched | 2 | TunnusSched is a malicious software (malware) that has been used by the Advanced Persistent Threat (APT) group known as Tomiris. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is capable of stealing personal information, disrupting operations, and even h |
| Tomiris | 2 | Tomiris is a malicious software (malware) group that has been active since before 2019. Known for its use of the QUIETCANARY backdoor, Tomiris has expanded its capabilities and influence within the region, targeting government entities and other high-value targets. The group has shown a particular i |
| Snake | 1 | Snake, also known as EKANS, is a significant threat actor that has been active since at least 2004, with its activities potentially dating back to the late 1990s. This group, which may have ties to Iran, targets diplomatic and government organizations as well as private businesses across various reg |
| ComRAT | 1 | ComRAT, also known as Agent.BTZ, is a potent malware that has evolved over the years to become a significant threat in the cybersecurity landscape. Developed using C++ and employing a virtual FAT16 file system, ComRAT is often used to exfiltrate sensitive documents. The malware is a remote access tr |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| QUIETCANARY | Unspecified | 3 | Quietcanary is a malicious software (malware) that has been exploited by threat groups such as Pensive Ursa and Tomiris. The malware, known for its backdoor capabilities, has been in use since at least 2019, with Pensive Ursa deploying it against targets in Ukraine in September 2022, often in conjun |
| ANDROMEDA | Unspecified | 2 | Andromeda is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data ho |
| HyperStack | Unspecified | 1 | HyperStack, also known as SilentMoo or BigBoss, is a Remote Procedure Call (RPC) backdoor malware that was first observed in 2018. It has been utilized in operations targeting European government entities and is linked to the Russian-based threat group Pensive Ursa, which has been operational since |
| Unc4210 | Unspecified | 1 | UNC4210 is a malicious software (malware) discovered by Mandiant in September 2022, suspected to be an operation of the Turla Team. This malware was identified as it re-registered three expired ANDROMEDA command and control (C2) domains and began selectively deploying KOPILUWAK and QUIETCANARY to vi |
| Kazuar | Unspecified | 1 | Kazuar is a sophisticated multiplatform trojan horse malware, linked to the Russian-based threat group Turla (also known as Pensive Ursa, Uroburos, Snake), which has been operating since at least 2004. This group, believed to be connected to the Russian Federal Security Service (FSB), utilizes an ar |
| Crutch | Unspecified | 1 | Crutch is a sophisticated malware attributed to the Turla group, first discovered by ESET researchers in December 2020. It's considered a second-stage backdoor, achieving persistence through DLL hijacking. One notable feature of Crutch v4 is its ability to automatically upload files found on local a |
| Uroburos | Unspecified | 1 | Uroburos, also known as Snake, Turla, Pensive Ursa, and Venomous Bear, is a sophisticated malware linked to the Russian Federal Security Service (FSB). The development of this malicious software began in late 2003, with its operations traced back to at least 2004. Uroburos is part of a broader arsen |
| Capibar | Unspecified | 1 | Capibar, a new malware identified as part of the arsenal of the Russian-based threat group Turla (also known as Pensive Ursa, Uroburos, or Snake), has been used in recent cyberattacks. This group, linked to the Russian Federal Security Service (FSB) and active since at least 2004, has deployed Capib |
| Zebrocy | Unspecified | 1 | Zebrocy is a well-documented Trojan malware that infiltrates systems to gather specific system information. Once installed, it sends the collected data to its Command and Control (C2) server via an HTTP POST request. The Zebrocy variant also captures a screenshot of the victim's host and transmits i |
| Mosquito | Unspecified | 1 | The "Mosquito" malware is a harmful software designed to exploit and damage computer systems or devices. It operates covertly, infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it has the capability to steal personal information, disr |
| Meterpreter | Unspecified | 1 | Meterpreter, a type of malware, is an attack payload of Metasploit that serves as an interactive shell, enabling threat actors to control and execute code on a system. Advanced Persistent Threat (APT) actors have created and used a variant of Metasploit (Meterpreter) on the ServiceDesk system, liste |
| TinyTurla | Unspecified | 1 | TinyTurla is a sophisticated malware linked to the Russia-sponsored threat actor, Turla APT. This malicious software has been utilized in a targeted campaign against Polish Non-Governmental Organizations (NGOs), particularly those with connections to supporting Ukraine. TinyTurla operates as a backd |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Turla | Unspecified | 4 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
| WhiteBear | Unspecified | 1 | WhiteBear is a threat actor that has been associated with the Turla group, also known as Snake, Venomous Bear, Uroburos, and WhiteBear. This association was established through strong links identified between a Crutch dropper from 2016 and Gazer, a second-stage backdoor used by Turla in 2016-2017. W |
| Pensive | Unspecified | 1 | Pensive Ursa, also known as Turla or Uroburos, is a Russian-based threat group that has been active since at least 2004 and is linked to the Russian Federal Security Service (FSB). The group employs advanced and stealthy tools like Kazuar, a .NET backdoor used as a second stage payload. In 2023, Pen |
| Turla’s | Unspecified | 1 | None |
| Pensive Ursa | Unspecified | 1 | Pensive Ursa, also known as Turla, Uroburos, Venomous Bear, and Waterbug, is a Russian-based advanced persistent threat (APT) group that has been operating since at least 2004. The group, linked to the Russian Federal Security Service (FSB), is renowned for its sophisticated cyber-espionage activiti |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Unc4210 Kopiluwak | Unspecified | 1 | None |
| Unc4210 Andromeda | Unspecified | 1 | None |
| Tomiris Md5 | Unspecified | 1 | None |
| Kopiluwak Md5 | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| MITRE | 7 months ago | Turla: A Galaxy of Opportunity |
| MITRE | a year ago | Introducing WhiteBear |
| InfoSecurity-magazine | a year ago | Tomiris and Turla APT Groups Collaborate to Target Government Entities |
| CERT-EU | a year ago | Tomiris called, they want their Turla malware back |
| CERT-EU | a year ago | Tomiris called, they want their Turla malware back - GIXtools |
| CERT-EU | a year ago | Tangled Up: 'Tomiris' APT Uses Turla Malware, Confusing Researchers |
| Unit42 | 10 months ago | Threat Group Assessment: Turla (aka Pensive Ursa) |
| CERT-EU | a year ago | IT threat evolution in Q2 2023 – GIXtools |
| CERT-EU | a year ago | IT threat evolution Q2 2023 |
| MITRE | a year ago | Shedding Skin - Turla’s Fresh Faces | Securelist |
| CERT-EU | a year ago | Tomoris links to APT behind SolarWinds attack put to rest |
| CERT-EU | a year ago | Kaspersky Analyzes Links Between Russian State-Sponsored APTs |