Turla

Turla, IRON HUNTER, Group 88, Waterbug, WhiteBear, Snake, Krypton, Venomous Bear, Secret Blizzard, BELUGASTURGEON

[Turla](https://attack.mitre.org/groups/G0010) is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least 2004, spanning a range of industries including government, embassies, military, education, research and pharmaceutical companies. [Turla](https://attack.mitre.org/groups/G0010) is known for conducting watering hole and spearphishing campaigns, and leveraging in-house tools and malware, such as [Uroburos](https://attack.mitre.org/software/S0022).(Citation: Kaspersky Turla)(Citation...

Techniques: 69 | Covered: 65 | Gaps: 4 | Coverage: 94% (65/69)

COVERED (65)

- T1005 Data from Local System: 47 det.
- T1007 System Service Discovery: 15 det.
- T1012 Query Registry: 24 det.
- T1016 System Network Configuration Discovery: 39 det.
- T1016.001 Internet Connection Discovery: 6 det.
- T1018 Remote System Discovery: 50 det.
- T1021.002 SMB/Windows Admin Shares: 73 det.
- T1025 Data from Removable Media: 3 det.
- T1027.005 Indicator Removal from Tools: 6 det.
- T1027.010 Command Obfuscation: 38 det.
- T1027.011 Fileless Storage: 3 det.
- T1036.005 Match Legitimate Resource Name or Location: 44 det.
- T1049 System Network Connections Discovery: 22 det.
- T1055 Process Injection: 79 det.
- T1055.001 Dynamic-link Library Injection: 13 det.
- T1057 Process Discovery: 20 det.
- T1059.001 PowerShell: 368 det.
- T1059.003 Windows Command Shell: 82 det.
- T1059.005 Visual Basic: 68 det.
- T1059.006 Python: 49 det.
- T1059.007 JavaScript: 61 det.
- T1068 Exploitation for Privilege Escalation: 99 det.
- T1069.001 Local Groups: 37 det.
- T1069.002 Domain Groups: 44 det.
- T1071.001 Web Protocols: 80 det.
- T1071.003 Mail Protocols: 4 det.
- T1078.003 Local Accounts: 23 det.
- T1082 System Information Discovery: 86 det.
- T1083 File and Directory Discovery: 48 det.
- T1087.001 Local Account: 33 det.
- T1087.002 Domain Account: 57 det.
- T1090 Proxy: 46 det.
- T1090.001 Internal Proxy: 10 det.
- T1102 Web Service: 34 det.
- T1102.002 Bidirectional Communication: 15 det.
- T1105 Ingress Tool Transfer: 183 det.
- T1106 Native API: 29 det.
- T1110 Brute Force: 90 det.
- T1112 Modify Registry: 203 det.
- T1120 Peripheral Device Discovery: 4 det.
- T1124 System Time Discovery: 4 det.
- T1134.002 Create Process with Token: 16 det.
- T1140 Deobfuscate/Decode Files or Information: 58 det.
- T1189 Drive-by Compromise: 10 det.
- T1201 Password Policy Discovery: 20 det.
- T1204.001 Malicious Link: 10 det.
- T1213.006 Databases: 2 det.
- T1518.001 Security Software Discovery: 10 det.
- T1546.003 Windows Management Instrumentation Event Subscription: 18 det.
- T1546.013 PowerShell Profile: 4 det.
- T1547.001 Registry Run Keys / Startup Folder: 53 det.
- T1547.004 Winlogon Helper DLL: 4 det.
- T1553.006 Code Signing Policy Modification: 2 det.
- T1555.004 Windows Credential Manager: 9 det.
- T1560.001 Archive via Utility: 26 det.
- T1562.001 Disable or Modify Tools: 311 det.
- T1566.002 Spearphishing Link: 904 det.
- T1567.002 Exfiltration to Cloud Storage: 29 det.
- T1570 Lateral Tool Transfer: 22 det.
- T1583.006 Web Services: 1 det.
- T1587.001 Malware: 10 det.
- T1588.001 Malware: 2 det.
- T1588.002 Tool: 13 det.
- T1615 Group Policy Discovery: 9 det.
- T1685 Disable or Modify Tools: 278 det.