PULSE NAME
Threat Group Assessment: Turla (aka Pensive Ursa)
WHITE Turla AlienVault 2023-09-18 Modified: 2023-10-18
A threat assessment of Turla (aka Pensive Ursa) that breaks down this Russia-based APT's arsenal and techniques, covering its top 10 active malware families.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Kazuar, Crutch - S0538, ComRAT - S0126, QUIETCANARY, HyperStack - S0537, Capibar, TinyTurla - S0668, Snake, KopiLuwak
Indicators of Compromise (105)