|
gptkbp:instanceOf
|
malware
|
|
gptkbp:alsoKnownAs
|
gptkb:Dragon
gptkb:Uroburos
Venomous Bear
|
|
gptkbp:associatedWith
|
Russian state-sponsored actors
|
|
gptkbp:component
|
gptkb:Snake_rootkit
gptkb:Epic_Turla
gptkb:Kazuar
gptkb:Carbon
|
|
gptkbp:connectsTo
|
gptkb:FSB_(Russian_Federal_Security_Service)
gptkb:APT28
|
|
gptkbp:detects
|
difficult due to stealth techniques
|
|
gptkbp:developedBy
|
gptkb:Turla_group
|
|
gptkbp:discoveredBy
|
2008
|
|
gptkbp:exfiltrates
|
documents
emails
credentials
system information
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Turla malware family
|
|
gptkbp:language
|
gptkb:Python
gptkb:assembly_language
gptkb:C++
C
|
|
gptkbp:notableBattle
|
attacks on European governments
attacks on US government agencies
attacks on embassies
|
|
gptkbp:notableFor
|
2014
2023
|
|
gptkbp:persistenceMechanism
|
kernel-level rootkit
registry modifications
service installation
|
|
gptkbp:platform
|
gptkb:Windows
gptkb:macOS
gptkb:Linux
|
|
gptkbp:referencedIn
|
gptkb:NSA
gptkb:US_Department_of_Justice
gptkb:ESET
gptkb:Kaspersky_Lab
gptkb:UK_NCSC
gptkb:Symantec
|
|
gptkbp:removes
|
complex and requires system reinstallation
|
|
gptkbp:technique
|
spear phishing
watering hole attacks
command and control (C2) infrastructure
satellite-based C2 communication
|
|
gptkbp:usedFor
|
cybercrime
data exfiltration
persistent access
|
|
gptkbp:usesMalware
|
backdoor
modular malware
rootkit
|
|
gptkbp:bfsParent
|
gptkb:Carbon_malware
gptkb:ComRAT_malware
gptkb:Gazer_malware
|
|
gptkbp:bfsLayer
|
6
|