Turla malware family

GPTKB entity

Statements (55)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | malware |
| gptkbp:alsoKnownAs | gptkb:Dragon; gptkb:Uroburos; Venomous Bear |
| gptkbp:associatedWith | Russian state-sponsored actors |
| gptkbp:component | gptkb:Snake_rootkit; gptkb:Epic_Turla; gptkb:Kazuar; gptkb:Carbon |
| gptkbp:connectsTo | gptkb:FSB_(Russian_Federal_Security_Service); gptkb:APT28 |
| gptkbp:detects | difficult due to stealth techniques |
| gptkbp:developedBy | gptkb:Turla_group |
| gptkbp:discoveredBy | 2008 |
| gptkbp:exfiltrates | documents; emails; credentials; system information |
| https://www.w3.org/2000/01/rdf-schema#label | Turla malware family |
| gptkbp:language | gptkb:Python; gptkb:assembly_language; gptkb:C++; C |
| gptkbp:notableBattle | attacks on European governments; attacks on US government agencies; attacks on embassies |
| gptkbp:notableFor | 2014; 2023 |
| gptkbp:persistenceMechanism | kernel-level rootkit; registry modifications; service installation |
| gptkbp:platform | gptkb:Windows; gptkb:macOS; gptkb:Linux |
| gptkbp:referencedIn | gptkb:NSA; gptkb:US_Department_of_Justice; gptkb:ESET; gptkb:Kaspersky_Lab; gptkb:UK_NCSC; gptkb:Symantec |
| gptkbp:removes | complex and requires system reinstallation |
| gptkbp:technique | spear phishing; watering hole attacks; command and control (C2) infrastructure; satellite-based C2 communication |
| gptkbp:usedFor | cybercrime; data exfiltration; persistent access |
| gptkbp:usesMalware | backdoor; modular malware; rootkit |
| gptkbp:bfsParent | gptkb:Carbon_malware; gptkb:ComRAT_malware; gptkb:Gazer_malware |
| gptkbp:bfsLayer | 6 |