Turla

Turla, IRON HUNTER, Group 88, Waterbug, WhiteBear, Snake, Krypton, Venomous Bear, Secret Blizzard, BELUGASTURGEON

[Turla](https://attack.mitre.org/groups/G0010) is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least 2004, spanning a range of industries including government, embassies, military, education, research and pharmaceutical companies. [Turla](https://attack.mitre.org/groups/G0010) is known for conducting watering hole and spearphishing campaigns, and leveraging in-house tools and malware, such as [Uroburos](https://attack.mitre.org/software/S0022).(Citation: Kaspersky Turla)(Citation...

- Techniques: 68
- Covered: 64
- Gaps: 4
- Coverage: 94% (64/68)

COVERED (64)

| Technique | Name | Detections |
|---|---|---|
| T1005 | Data from Local System | 46 |
| T1007 | System Service Discovery | 11 |
| T1012 | Query Registry | 22 |
| T1016 | System Network Configuration Discovery | 35 |
| T1016.001 | Internet Connection Discovery | 6 |
| T1018 | Remote System Discovery | 46 |
| T1021.002 | SMB/Windows Admin Shares | 67 |
| T1025 | Data from Removable Media | 3 |
| T1027.005 | Indicator Removal from Tools | 6 |
| T1027.010 | Command Obfuscation | 31 |
| T1027.011 | Fileless Storage | 3 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1049 | System Network Connections Discovery | 21 |
| T1055 | Process Injection | 76 |
| T1055.001 | Dynamic-link Library Injection | 11 |
| T1057 | Process Discovery | 18 |
| T1059.001 | PowerShell | 338 |
| T1059.003 | Windows Command Shell | 79 |
| T1059.005 | Visual Basic | 66 |
| T1059.006 | Python | 43 |
| T1059.007 | JavaScript | 58 |
| T1068 | Exploitation for Privilege Escalation | 91 |
| T1069.001 | Local Groups | 35 |
| T1069.002 | Domain Groups | 42 |
| T1071.001 | Web Protocols | 74 |
| T1071.003 | Mail Protocols | 4 |
| T1078.003 | Local Accounts | 23 |
| T1082 | System Information Discovery | 80 |
| T1083 | File and Directory Discovery | 48 |
| T1087.001 | Local Account | 32 |
| T1087.002 | Domain Account | 55 |
| T1090 | Proxy | 44 |
| T1090.001 | Internal Proxy | 10 |
| T1102 | Web Service | 33 |
| T1102.002 | Bidirectional Communication | 14 |
| T1105 | Ingress Tool Transfer | 170 |
| T1106 | Native API | 27 |
| T1110 | Brute Force | 85 |
| T1112 | Modify Registry | 197 |
| T1120 | Peripheral Device Discovery | 4 |
| T1124 | System Time Discovery | 4 |
| T1134.002 | Create Process with Token | 13 |
| T1140 | Deobfuscate/Decode Files or Information | 55 |
| T1189 | Drive-by Compromise | 10 |
| T1201 | Password Policy Discovery | 17 |
| T1204.001 | Malicious Link | 9 |
| T1213.006 | Databases | 2 |
| T1518.001 | Security Software Discovery | 8 |
| T1546.003 | Windows Management Instrumentation Event Subscription | 17 |
| T1546.013 | PowerShell Profile | 4 |
| T1547.001 | Registry Run Keys / Startup Folder | 50 |
| T1547.004 | Winlogon Helper DLL | 4 |
| T1553.006 | Code Signing Policy Modification | 2 |
| T1555.004 | Windows Credential Manager | 8 |
| T1560.001 | Archive via Utility | 24 |
| T1562.001 | Disable or Modify Tools | 300 |
| T1566.002 | Spearphishing Link | 837 |
| T1567.002 | Exfiltration to Cloud Storage | 27 |
| T1570 | Lateral Tool Transfer | 20 |
| T1583.006 | Web Services | 1 |
| T1587.001 | Malware | 9 |
| T1588.001 | Malware | 2 |
| T1588.002 | Tool | 13 |
| T1615 | Group Policy Discovery | 7 |