← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Threat Group Assessment: Turla (aka Pensive Ursa)
WHITE Turla AlienVault 2023-09-18 Modified: 2023-10-18
105
IOCs
HIGH VOLUME
A threat assessment of Turla (aka Pensive Ursa) breaks down this Russian-based APT's arsenal and techniques used, covering the top 10 active malware employed.
ComRATKazuarKopiluwakQUIETCANARYAPTTurlaCapibarCrutchPensive UrsaTinyTurla
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Kazuar Crutch - S0538 ComRAT - S0126 QUIETCANARY HyperStack - S0537 Capibar TinyTurla - S0668 Snake KopiLuwak
Indicators of Compromise (30 / 105 total)
All hostname domain FileHash-SHA256 URL FileHash-SHA1
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 b12f6d8283d3a87ead9fd104ac56b64e9c7e6cf0 2023-09-18
FileHash-SHA1 80b9010e312b040f77bbe604320645a4fa3e0ad8 2023-09-18
FileHash-SHA1 15e710a107830b193124a6d2bbc785b9383262a9 2023-09-18
FileHash-SHA1 e5fbba422578209f1045210390eca977f5c5ded7 2023-09-18
FileHash-SHA1 80b5cd49f809c2c9c41007d7de1e941bfbd7c1f2 2023-09-18
FileHash-SHA1 fe5173aae13350558c7d50e39c3cb6ae14efb7db 2023-09-18
FileHash-SHA1 459b17c42017cfdfc7eb804b5c0ee52aa6035d78 2023-09-18
FileHash-SHA1 a06f0e29fca6eb29bf5334fb3b84a872172b0e28 2023-09-18
FileHash-SHA1 39efb312829a44191be0724bf1b06a80478c8f1d 2023-09-18
FileHash-SHA1 98059a86b681b0b8a09a95def3ef874c531b1d66 2023-09-18
FileHash-SHA1 44129dfc41cb2b953398711ebceec0d15c3d6a6e 2023-09-18
FileHash-SHA1 57580fdab19e19337bbf87078e54bd5810c75e1d 2023-09-18
FileHash-SHA1 93537b0814177e2101663306aa17332b9303e08a 2023-09-18
FileHash-SHA1 977d4a6ee64dae2b51bc28cf5a45c87ceafec8c4 2023-09-18
FileHash-SHA1 86f747cac3b16ed2dab6d9f72a347145ff7a850d 2023-09-18
FileHash-SHA1 60f01f7a6df5e7b7253c70f863b6be70d5b56a6d 2023-09-18
FileHash-SHA1 1de19bba99e7ce80116b8e00141db5b525774e81 2023-09-18
FileHash-SHA1 07f0692c856703d75a9946a0fbb3c0db03f7ac40 2023-09-18
FileHash-SHA1 8dfff7785c2562122e424745e40f7ad1ce6bdbb9 2023-09-18
FileHash-SHA1 76555c5faff29cea6c2ede2d0f522a086c9a7df2 2023-09-18
FileHash-SHA1 ca16a95cd38707bad2dc524bb3086b3c0cb3e372 2023-09-18
FileHash-SHA1 c30af6fa5df14e1ba9355b60a9214937f6f18990 2023-09-18
FileHash-SHA1 a4aff23b9a58b598524a71f09aa67994083a9c83 2023-09-18
FileHash-SHA1 7c1b25518dee1e30b5a6eaa1ea8e4a3780c24d0c 2023-09-18
FileHash-SHA1 6239b4d374539c940cffa698e0993d199918a2fc 2023-09-18
FileHash-SHA1 d117643019d665a29ce8a7b812268fb8d3e5aadb 2023-09-18
FileHash-SHA1 36bba4d26ecf02623a51c6241133c4290551e27f 2023-09-18
FileHash-SHA1 b627963a9bac33fa6e3de0f9469b2fa5ecdef6ae 2023-09-18
FileHash-SHA1 02c37ccdfccfe03560a4bf069f46e8ae3a5d2348 2023-09-18
FileHash-SHA1 902b27a5fd2e5f17e5340e350afa037549ce9faa 2023-09-18
References (1)
↗ https://unit42.paloaltonetworks.com/turla-pensive-ursa-threat-assessment/