| ID | Votes | Profile Description |
|---|---|---|
| Tunnussched | 2 | TunnusSched is a malicious software (malware) that has been used by the Advanced Persistent Threat (APT) group known as Tomiris. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is capable of stealing personal information, disrupting operations, and even h |
| KOPILUWAK | 2 | KopiLuwak is a JavaScript-based malware used for command and control (C2) communications and victim profiling. It was initially dropped by Pensive Ursa using an MSIL dropper in a G20-themed attack in 2017, and later as a self-extracting archive (SFX) executable in late 2022. Upon execution, the SFX |
| QUIETCANARY | 2 | Quietcanary is a malicious software (malware) that has been exploited by threat groups such as Pensive Ursa and Tomiris. The malware, known for its backdoor capabilities, has been in use since at least 2019, with Pensive Ursa deploying it against targets in Ukraine in September 2022, often in conjun |
| Sunshuttle | 2 | Sunshuttle is a malicious software (malware) that has been linked to various cyber threats. Initial reports identified connections between Sunshuttle, a Tomiris Golang implant, NOBELIUM (also known as APT29 or TheDukes), and Kazuar, which is associated with Turla. However, interpreting these connect |
| Sbz | 2 | SBZ is a potent piece of malware, characterized as a file stealer with the SHA-256 hash 80721e6b2d6168cf17b41d2f1ab0f1e6e3bf4db585754109f3b7ff9931ae9e5b. The discovery of this malware was facilitated by its similarity to the signatures associated with the Equation malware family. Its coding style an |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Kazuar | Unspecified | 2 | Kazuar is a sophisticated multiplatform trojan horse malware, linked to the Russian-based threat group Turla (also known as Pensive Ursa, Uroburos, Snake), which has been operating since at least 2004. This group, believed to be connected to the Russian Federal Security Service (FSB), utilizes an ar |
| SUNBURST | Unspecified | 2 | Sunburst is a sophisticated malware that has been linked to the Kazuar code, indicating its complexity. It was used in several well-known cyber attack campaigns such as SUNBURST, OilRig, xHunt, DarkHydrus, and Decoy Dog, which employed DNS tunneling techniques for command and control (C2) communicat |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Turla | Unspecified | 5 | Turla, a threat actor linked to Russia, is known for its sophisticated cyber-espionage activities. It has been associated with numerous high-profile attacks, employing innovative techniques and malware to infiltrate targets and execute actions with malicious intent. According to MITRE ATT&CK and MIT |
| Snake | Unspecified | 2 | Snake, also known as EKANS, is a threat actor first identified by Dragos on January 6, 2020. This malicious entity is notorious for its deployment of ransomware and keyloggers, primarily targeting business networks. The Snake ransomware variant has been linked to Iran and exhibits an industrial focu |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Proxylogon | Unspecified | 2 | ProxyLogon is a significant software vulnerability, specifically a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server. Identified as CVE-2021-26855, it forms part of the ProxyLogon exploit chain and allows attackers to bypass authentication mechanisms and impersonate users |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| CERT-EU | 6 months ago | Russia and Belarus targeted by at least 14 nation-state hacker groups, researchers say | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting | |
| InfoSecurity-magazine | 10 months ago | Palo Alto Reveals New Features in Russian APT Turla's Kazuar Backdoor | |
| Unit42 | a year ago | Threat Group Assessment: Turla (aka Pensive Ursa) | |
| CERT-EU | a year ago | IT threat evolution in Q2 2023 – GIXtools | |
| CERT-EU | a year ago | IT threat evolution Q2 2023 | |
| MITRE | 2 years ago | Tomiris backdoor and its connection to Sunshuttle and Kazuar | |
| CERT-EU | 2 years ago | 後門程式 | |
| CERT-EU | a year ago | Tomiris called, they want their Turla malware back | |
| CERT-EU | a year ago | Tomiris called, they want their Turla malware back - GIXtools | |
| InfoSecurity-magazine | a year ago | Tomiris and Turla APT Groups Collaborate to Target Government Entities | |
| CERT-EU | a year ago | Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering | |
| CERT-EU | a year ago | Tomoris links to APT behind SolarWinds attack put to rest | |
| CERT-EU | a year ago | Tangled Up: 'Tomiris' APT Uses Turla Malware, Confusing Researchers | |
| CERT-EU | a year ago | Kaspersky enquête sur le groupe APT Tomiris qui cible des entités gouvernementales dans la CEI – Global Security Mag Online | |
| CERT-EU | a year ago | Kaspersky Analyzes Links Between Russian State-Sponsored APTs | |
| CERT-EU | a year ago | Киберпреступники Tomiris активно собирают разведданные в странах СНГ | |
| CERT-EU | a year ago | Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting | |
| CERT-EU | a year ago | APT trends report Q1 2023 | |
| CERT-EU | a year ago | APT trends report Q1 2023 - GIXtools | |
| CERT-EU | a year ago | Rapport APT Q1 2023 : techniques avancées, nouveaux horizons et nouvelles cibles – Global Security Mag Online |