Turla

Threat Actor updated a month ago (2024-10-15T10:02:27.114Z)
Turla is a Russia-linked threat actor known for sophisticated cyber-espionage operations. The group has been associated with numerous high-profile intrusions and frequently relies on advanced backdoors and fileless malware for initial access and persistence. Its tactics, techniques, and procedures (TTPs) often centre on watering-hole attacks, in which selected websites are compromised so that a particular audience is exposed to the payload. Turla's use of PowerShell, and the term 'transport' in the naming of its command-and-control (C&C) protocols, have been notable identifiers of its activity.

In recent years Turla has run several significant campaigns. In one, the group used a new backdoor variant, TinyTurla-NG, to spy on Polish non-governmental organizations (NGOs). In another, it deployed two previously unseen backdoors to infiltrate a European Ministry of Foreign Affairs, illustrating both the continued evolution of its toolset and the persistent threat it poses to government entities. These operations typically rely on conventional C&C implementations, using compromised web servers as C&C infrastructure and leveraging legitimate web services such as Pastebin.

The GoldenHowl malware, another tool attributed to Turla, offers further evidence of the group's Russian origin. Its C&C protocol is referred to as 'transport_http', a naming convention typically used by Turla and by the MoustachedBouncer threat group, which suggests that GoldenHowl's developers are likely Russian speakers. GoldenJackal's use of USB-based infiltration methods, meanwhile, highlights the risk such techniques pose, since they are capable of breaching even the most tightly secured systems.
Description last updated: 2024-10-15T09:12:37.505Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias | Description | Votes
Kazuar | Kazuar is a sophisticated multiplatform trojan horse malware that has been associated with the Russian-based threat group Turla, also known as Pensive Ursa, Uroburos, or Snake. This group, believed to be linked to the Russian Federal Security Service (FSB), has been operating since at least 2004 and… | 8
Uroburos | Uroburos, also known as Snake, Turla, Pensive Ursa, and Venomous Bear, is a sophisticated malware linked to the Russian Federal Security Service (FSB). The development of this malicious software began in late 2003, with its operations traced back to at least 2004. Uroburos is part of a broader arsen… | 8
Venomous Bear | Venomous Bear, also known as Turla, Urobouros, Snake, and other names, is a threat actor group attributed to Center 16 of the Federal Security Service (FSB) of the Russian Federation. The group has been active since at least 2004, targeting diplomatic and government organizations, as well as private… | 6
Waterbug | Waterbug, also known as Turla, Venomous Bear, and several other names, is a cyberespionage group closely affiliated with the FSB Russian intelligence agency. The group has been active since at least 2004, targeting a variety of sectors including government entities, intelligence agencies, military,… | 6
Snake Malware | The Snake malware, a malicious software program known for its complexity, was identified as a key tool in the arsenal of cybercriminal group Pensive Ursa. Detailed by the Cybersecurity and Infrastructure Security Agency (CISA) in May 2023, this Python-based information stealer was used to infect com… | 5
Pensive Ursa | Pensive Ursa, also known as Turla, Uroburos, Venomous Bear, and Waterbug, is a Russian-based advanced persistent threat (APT) group that has been operating since at least 2004. The group, linked to the Russian Federal Security Service (FSB), is renowned for its sophisticated cyber-espionage activiti… | 5
Sandworm | Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c… | 4
LightNeuron | LightNeuron is a sophisticated malware developed by the Turla group, known for its complex and custom cyber threats. It shares operational similarities with LunarMail, another Turla backdoor, in that it uses email messages for command and control (C&C) purposes. The malware infects systems through s… | 3
Krypton | Krypton, also known as Secret Blizzard or UAC-0003, is a significant threat actor that has been associated with Russia's Federal Security Service (FSB). This Advanced Persistent Threat (APT) group has been active since at least 2004, targeting diplomatic and government organizations as well as priva… | 3
Energetic Bear | Energetic Bear, also known as DragonFly, Crouching Yeti, and Berserk Bear, is a threat actor that has been operational since at least 2011. The group has been linked to various cyber-espionage campaigns targeting the energy sector in Europe and North America, with the primary focus on defense and av… | 2
Secret Blizzard | Secret Blizzard, also known as Turla, KRYPTON, and UAC-0003, is a threat actor group linked to Russia's Federal Security Service (FSB). This Advanced Persistent Threat (APT) group has been active since the early 2000s, primarily targeting government organizations worldwide. The group's activities we… | 2
Moonlight Maze | Moonlight Maze is a notorious malware that was part of an extensive espionage campaign during the 1990s. The malicious software compromised the networks of several key institutions, including the Department of Defense, NASA, and the Department of Energy, along with defense contractors and other part… | 2
GoldenJackal | GoldenJackal is a threat actor known for its advanced persistent threat (APT) activities, targeting air-gapped systems in government and diplomatic entities across Europe, the Middle East, and South Asia. The group utilizes spear-phishing, vulnerability exploitation, and a .NET malware toolset to es… | 2
Pensive | Pensive Ursa, also known as Turla or Uroburos, is a Russian-based threat group that has been active since at least 2004 and is linked to the Russian Federal Security Service (FSB). The group employs advanced and stealthy tools like Kazuar, a .NET backdoor used as a second stage payload. In 2023, Pen… | 2
Lunarmail | LunarMail, a novel backdoor linked to the Russia-associated Turla APT, has been discovered by ESET researchers as part of a cyber-espionage campaign targeting European government agencies. First observed in 2020, this sophisticated threat actor leverages two custom backdoors, LunarWeb and LunarMail,… | 2
Goldenhowl | GoldenHowl is a sophisticated threat actor known for its diverse set of malicious capabilities. Identified as part of a broader campaign alongside GoldenDealer and GoldenRobo, this modular backdoor showcases various functionalities that pose significant threats to compromised systems. Its primary fu… | 2
StrongPity | StrongPity is a malicious software (malware) that infiltrates computer systems, typically through suspicious downloads, emails, or websites. The malware has been active for over a decade and is possibly linked to the Turkish government. It's designed to exploit and damage systems, steal personal inf… | 2
OceanLotus | OceanLotus, also known as APT32, is a threat actor suspected to be linked with Vietnam. It primarily targets foreign companies involved in manufacturing, consumer products, consulting, and hospitality sectors that are investing or planning to invest in Vietnam. The group's recent activities indicate… | 2
Wildneutron | | 2
Epic Turla | Epic Turla, also known as Snake or Uroburos, is a sophisticated multi-stage malware attack that was extensively researched and documented in 2014. The campaign, dubbed "Epic Turla," was orchestrated by a group of attackers who utilized the Epic malware family, known for its dynamic and adaptive natu… | 2
Miscellaneous Associations
Other elements of context that could aid in identifying relevance:
Malware, Backdoor, APT, Tool, Espionage, Operation Me..., Implant, Perseus, Payload, PowerShell, Lateral Move..., FBI, Russian, FSB, Linux, Kaspersky, Chrome, Rootkit, MITRE, Windows, Reconnaissance, Ukraine, Credentials, Source, Zero Day, Exploits, State Sponso..., Phishing, ESET, Trojan, JavaScript, Ransomware, Vulnerability, Outlook, Dropper, Russia, Exploit, CrowdStrike, Microsoft, Signal, Malware Impl...
Associated Malware
Alias | Description | Association Type | Votes
TinyTurla | TinyTurla is a form of malware, malicious software designed to infiltrate and damage computer systems without the user's knowledge. It can enter systems via suspicious downloads, emails, or websites, and once inside, it has the potential to steal personal information, disrupt operations, or hold dat… | Unspecified | 6
Agent.btz | Agent.btz, also known as ComRAT v4, is a remote access trojan (RAT) developed using C++ and employing a virtual FAT16 file system. This malicious software was one of the earliest backdoors used by Pensive Ursa, a cyber-espionage group. Notably, the malware is frequently used to exfiltrate sensitive… | Unspecified | 5
Tomiris | Tomiris is a malware group that has been active since at least 2019, known for using the backdoor QUIETCANARY. The group has also used Turla malware, indicating a possible cooperation or shared expertise between Tomiris and Turla. A significant development was observed in September 2022 when a Tunnu… | Unspecified | 5
ComRAT | ComRAT, also known as Agent.BTZ, is a potent malware that has evolved over the years to become a significant threat in the cybersecurity landscape. Developed using C++ and employing a virtual FAT16 file system, ComRAT is often used to exfiltrate sensitive documents. The malware is a remote access tr… | Unspecified | 5
KOPILUWAK | KopiLuwak is a JavaScript-based malware used for command and control (C2) communications and victim profiling. It was initially dropped by Pensive Ursa using an MSIL dropper in a G20-themed attack in 2017, and later as a self-extracting archive (SFX) executable in late 2022. Upon execution, the SFX… | Unspecified | 4
Crutch | Crutch is a sophisticated malware attributed to the Turla group, first discovered by ESET researchers in December 2020. It's considered a second-stage backdoor, achieving persistence through DLL hijacking. One notable feature of Crutch v4 is its ability to automatically upload files found on local a… | Unspecified | 4
ANDROMEDA | Andromeda is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data ho… | Unspecified | 4
Maze | Maze is a form of malicious software, or malware, that pioneered a novel double-extortion tactic in the cyber threat landscape. Its modus operandi involves stealing victims' files before encrypting them, thereby enabling the threat actors to threaten both the disruption of operations and the release… | Unspecified | 3
Gazer | Gazer is a second-stage backdoor malware written in C++ that was unveiled by Turla in August. It was discovered to have been deployed through watering-hole attacks and spear-phishing campaigns, enabling more precise targeting of victims. The malware is attributed to Pensive Ursa due to strong simila… | Unspecified | 3
Capibar | Capibar, a new malware identified as part of the arsenal of the Russian-based threat group Turla (also known as Pensive Ursa, Uroburos, or Snake), has been used in recent cyberattacks. This group, linked to the Russian Federal Security Service (FSB) and active since at least 2004, has deployed Capib… | Unspecified | 3
Unc4210 | UNC4210 is a malicious software (malware) discovered by Mandiant in September 2022, suspected to be an operation of the Turla Team. This malware was identified as it re-registered three expired ANDROMEDA command and control (C2) domains and began selectively deploying KOPILUWAK and QUIETCANARY to vi… | Unspecified | 3
QUIETCANARY | Quietcanary is a malicious software (malware) that has been exploited by threat groups such as Pensive Ursa and Tomiris. The malware, known for its backdoor capabilities, has been in use since at least 2019, with Pensive Ursa deploying it against targets in Ukraine in September 2022, often in conjun… | Unspecified | 2
ComRAT v4 | ComRAT v4, also known as Agent.BTZ, is a harmful remote access trojan (RAT) malware used by the threat group Turla. Developed using C++, ComRAT v4 employs a virtual FAT16 file system, often utilized for exfiltrating sensitive documents. This malware can infiltrate your system via suspicious download… | Unspecified | 2
HyperStack | HyperStack, also known as SilentMoo or BigBoss, is a Remote Procedure Call (RPC) backdoor malware that was first observed in 2018. It has been utilized in operations targeting European government entities and is linked to the Russian-based threat group Pensive Ursa, which has been operational since… | Unspecified | 2
Penquin | Penquin is a type of malware, a malicious software designed to exploit and damage computer systems. It infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Penquin can cause various types of harm, such as stealing personal information, disrup… | Unspecified | 2
Deliverycheck | DeliveryCheck is a novel .NET-based malware that has been identified by Microsoft's Threat Intelligence as being used in targeted attacks against the defense sector in Ukraine and Eastern Europe. The threat actor behind these attacks is known as Secret Blizzard (also referred to as KRYPTON or UAC-00… | Unspecified | 2
SUNBURST | Sunburst is a sophisticated malware that was detected in a major supply chain attack in December 2020. The Sunburst backdoor has been tied to Kazuar, another malicious software, due to code resemblance, indicating its high level of complexity. This malware infiltrates systems, often without the user… | Unspecified | 2
Tunnussched | TunnusSched is a malicious software (malware) that has been used by the Advanced Persistent Threat (APT) group known as Tomiris. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is capable of stealing personal information, disrupting operations, and even h… | Unspecified | 2
Ttng | TinyTurla-NG (TTNG) is a potent malware identified by Cisco Talos in partnership with CERT.NGO. TTNG is part of the arsenal used by the Turla APT, a notorious group of Russian state-sponsored actors known for their cyber espionage activities. This malicious software is designed to infiltrate systems… | Unspecified | 2
Makersmark | | Unspecified | 2
Ursa | Ursa is a highly active and motivated malware threat actor, also known as APT28, Fancy Bear, and Sofacy, which has been linked to various high-profile cyberattacks, including the US election interference in 2016 and the NotPetya attacks. The group is known for its use of the HeadLace backdoor malwar… | Unspecified | 2
Topinambour | Topinambour is a type of malware, malicious software designed to exploit and damage computer systems, typically delivered through suspicious downloads, emails, or websites. It was first associated with the hacking group Pensive Ursa in 2019, which utilized Topinambour as a dropper to deliver another… | Unspecified | 2
Mosquito | The "Mosquito" malware is a harmful software designed to exploit and damage computer systems or devices. It operates covertly, infiltrating systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it has the capability to steal personal information, disr… | Unspecified | 2
Associated Threat Actors
Alias | Description | Association Type | Votes
Turla Group | The Turla group, also known as Pensive Ursa, Krypton, Secret Blizzard, Venomous Bear, or Uroburos, is a notable threat actor that has been linked to the Russian Federal Security Service (FSB). With a history dating back to 2004, this group operates in painstaking stages, first conducting reconnaissa… | Unspecified | 6
Medusa | Medusa, a threat actor group known for its malicious activities, has been increasingly involved in multiple high-profile cyber attacks. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability, the Citrix Bleed (CVE-2023-4966), leading to numerou… | Unspecified | 5
Gamaredon | Gamaredon, a Russia-aligned threat actor, has emerged as one of the most active Advanced Persistent Threat (APT) groups in Ukraine, particularly since Russia's 2022 invasion of the country. Composed of regular officers from the Russian Federal Security Service (FSB) and some former law enforcement o… | Unspecified | 4
MoustachedBouncer | MoustachedBouncer, a threat actor first detailed in August 2023, is known for its cyberespionage activities primarily targeting foreign diplomats in Belarus. The group has been linked to at least four attacks on foreign embassies in Belarus since 2014, including two European nations, one from South… | is related to | 3
OilRig | OilRig, also known as APT34, Earth Simnavaz, Evasive Serpens, and other names, is a well-known threat actor in the cybersecurity industry. This group has been particularly active in targeting entities in the Middle East, including critical infrastructure and telecommunications organizations. One of… | Unspecified | 3
APT28 | APT28, also known as Fancy Bear and Unit 26165 of the Russian Main Intelligence Directorate, is a threat actor linked to Russia with a history of cyber-espionage activities. The group has been involved in several high-profile attacks, including the hacking of the Democratic National Committee (DNC)… | Unspecified | 2
APT34 | APT34, a threat actor suspected to be linked to Iran, has been operational since at least 2014 and is involved in long-term cyber espionage operations largely focused on reconnaissance efforts. The group targets a variety of sectors including financial, government, energy, chemical, and telecommunic… | Unspecified | 2
APT29 | APT29, also known as Midnight Blizzard and linked to Russia's Foreign Intelligence Service (SVR), is a notorious threat actor that has been implicated in several high-profile cyberattacks. The group has demonstrated sophisticated capabilities, exploiting vulnerabilities such as the WinRAR 0day flaw… | Unspecified | 2
Source Document References
Information about the Turla threat actor was read from the document corpus below. This display is limited to 20 results.
Source | Created At
ESET | a month ago
InfoSecurity-magazine | a month ago
Securityaffairs | 3 months ago
Securityaffairs | 4 months ago
CERT-EU | a year ago
Securityaffairs | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 5 months ago
Securityaffairs | 5 months ago
Securityaffairs | 5 months ago
BankInfoSecurity | 6 months ago
Securityaffairs | 6 months ago
Flashpoint | 6 months ago
DARKReading | 6 months ago
Securityaffairs | 6 months ago
ESET | 6 months ago
BankInfoSecurity | 6 months ago
CERT-EU | 8 months ago