|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:activeYearsStart
|
at least 2004
|
|
gptkbp:alsoKnownAs
|
gptkb:Dragon
gptkb:Uroburos
Venomous Bear
KRYPTON
|
|
gptkbp:countryOfOrigin
|
gptkb:Russia
|
|
gptkbp:enemyOf
|
spear phishing
watering hole attacks
credential theft
lateral movement
custom malware deployment
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Turla Group
|
|
gptkbp:language
|
gptkb:Russian
|
|
gptkbp:mainActivity
|
cybercrime
|
|
gptkbp:MITRE_ATT&CK_ID
|
gptkb:G0010
|
|
gptkbp:notableEvent
|
2014 Uroburos discovery
attacks on US and European government agencies
attacks on embassies in Europe and the Middle East
compromise of satellite communications
|
|
gptkbp:notableTool
|
gptkb:ICEDCOFFEE
gptkb:WhiteBear
gptkb:Dragon
gptkb:HyperStack
gptkb:LightNeuron
gptkb:Mosquito_backdoor
gptkb:Reductor
gptkb:Agent.BTZ
gptkb:ComRAT
gptkb:Epic_Turla
gptkb:Gazer
gptkb:Kazuar
gptkb:Metasploit
gptkb:Carbon
gptkb:Nautilus
PowerShell scripts
Outlook backdoor
Crutch
credential harvesting tools
custom rootkits
encrypted C2 infrastructure
satellite-based C2 channels
watering hole exploit kits
|
|
gptkbp:reportsTo
|
gptkb:UK_National_Cyber_Security_Centre
gptkb:US_Department_of_Justice
gptkb:ESET
gptkb:FireEye
gptkb:Kaspersky_Lab
gptkb:Symantec
|
|
gptkbp:suspectedAffiliation
|
gptkb:FSB
gptkb:Russian_government
|
|
gptkbp:target
|
gptkb:energy
research institutions
government organizations
military organizations
diplomatic entities
|
|
gptkbp:TTPs
|
living off the land techniques
use of encrypted communications
use of custom backdoors
use of legitimate software for persistence
|
|
gptkbp:usesMalware
|
gptkb:Dragon
gptkb:Agent.BTZ
gptkb:ComRAT
gptkb:Epic_Turla
gptkb:Gazer
gptkb:Kazuar
gptkb:Uroburos
gptkb:Carbon
|
|
gptkbp:bfsParent
|
gptkb:Kazuar
|
|
gptkbp:bfsLayer
|
6
|