Pulse Detail — Threat Intelligence

PULSE NAME

Threat Group Assessment: Turla (aka Pensive Ursa)

WHITE Turla AlienVault 2023-09-18 Modified: 2023-10-18

105

IOCs

HIGH VOLUME

A threat assessment of Turla (aka Pensive Ursa) breaks down this Russian-based APT's arsenal and techniques used, covering the top 10 active malware employed.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1543.002 T1007 T1027.002 T1003 T1071 T1098 T1014

MALWARE FAMILIES

Kazuar Crutch - S0538 ComRAT - S0126 QUIETCANARY HyperStack - S0537 Capibar TinyTurla - S0668 Snake KopiLuwak

Indicators of Compromise (39 / 105 total)

All hostname domain FileHash-SHA256 URL FileHash-SHA1

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	b262292e049ee75d235164df98fa8ed09a9e2a30c5432623856bafd4bd44d801	—	2023-09-18
FileHash-SHA256	1950d2e706fbc6263d376c0c4f16bd5acfd543248ee072657ba3dd62da8427eb	—	2023-09-18
FileHash-SHA256	046f11a6c561e46e6bf199ab7f50e74a4d2aaead68cdbd6ce44b37b5b4964758	—	2023-09-18
FileHash-SHA256	10c0e2afb37a24ac7732a402a4c9d854b35a382f1651d4aa2ece429b154aecb2	—	2023-09-18
FileHash-SHA256	009406c1c7c0b289a25d44dfaa8364633d9b71df5f3c7a65deec1ef00a8c2ebb	—	2023-09-18
FileHash-SHA256	2b969111dd1968d47b02d6390c92fb622cd03570b02ecf9215031ff03611a2b7	—	2023-09-18
FileHash-SHA256	f3aaa091fdbc8772fb7bd3a81665f4d33c3b62bf98caad6fee4424654ba26429	—	2023-09-18
FileHash-SHA256	6536b6b50aa1f6899ffa90aaf4b1b67c0ae0f6c0441016f5308b37c12141c61d	—	2023-09-18
FileHash-SHA256	8490daab736aa638b500b27c962a8250bbb8615ae1c68ef77494875ac9d2ada2	—	2023-09-18
FileHash-SHA256	3f94b20cb7f4ff55207660649ebbb02679c991fe03efbcb0bd3840fc7f0bd527	—	2023-09-18
FileHash-SHA256	29b1da7b17a7ba3e730e6927058d0554a8bc81bdef88e364097fab0bb1950edc	—	2023-09-18
FileHash-SHA256	ba2c8df04bcba5c3cfd343a59d8b59b76779e6c27eb27b7ac73ded97e08f0f39	—	2023-09-18
FileHash-SHA256	166b1fb3d34b32f1807c710aaa435d181aedbded1e7b4539ffa931c2b2cdd405	—	2023-09-18
FileHash-SHA256	e33580ae3df9d27d7cfb7b8f518a2704e55c92dd74cbbab8ef58ddfd36524cc8	—	2023-09-18
FileHash-SHA256	29314f3cd73b81eda7bd90c66f659235e6bb900e499c9cc7057d10a9083a0b94	—	2023-09-18
FileHash-SHA256	fc68026b83392aa227e9adf9c71289cb51ba03427f6de67a73ae872e19ef6ff9	—	2023-09-18
FileHash-SHA256	187bf95439da038c1bc291619507ff5e426d250709fa5e3eda7fda99e1c9854c	—	2023-09-18
FileHash-SHA256	87663affd147065d08d4fe76d9a18b0d7d85fab68cf9f5ac96cfdfff3f27ffd2	—	2023-09-18
FileHash-SHA256	134919151466c9292bdcb7c24c32c841a5183d880072b0ad5e8b3a3a830afef8	—	2023-09-18
FileHash-SHA256	cd4c2e85213c96f79ddda564242efec3b970eded8c59f1f6f4d9a420eb8f1858	—	2023-09-18
FileHash-SHA256	7a7d11adbcb740323eb52b097f535cfa5c281bf07a4d5c4afb0c5182fa4ffd1b	—	2023-09-18
FileHash-SHA256	00352afc7e7863530e4d68be35ae8b60261fc57560167645697b7bfc0ac0e93d	—	2023-09-18
FileHash-SHA256	6ca0b4efe077fe05b2ae871bf50133c706c7090a54d2c3536a6c86ff454caa9a	—	2023-09-18
FileHash-SHA256	bf6f30673cf771d52d589865675a293dc5c3668a956d0c2fc0d9403424d429b2	—	2023-09-18
FileHash-SHA256	a3170c32c09fc85cdda778a5c20a3dab144b6d1dd9996ba8340866e0081c7642	—	2023-09-18
FileHash-SHA256	7d5794ad91351c7c5d7fbad8e83e3b71a09baac65fb09ca75d8d18339d24a46f	—	2023-09-18
FileHash-SHA256	493e5fae191950b901764868b065ddddffa4f4c9b497022ee2f998b4a94f0fc2	—	2023-09-18
FileHash-SHA256	44d6d67b5328a4d73f72d8a0f9d39fe4bb6539609f90f169483936a8b3b88316	—	2023-09-18
FileHash-SHA256	b51105c56d1bf8f98b7e924aa5caded8322d037745a128781fa0bc23841d1e70	—	2023-09-18
FileHash-SHA256	0010ccb822538d1881c61be874af49382c44b6c9cb665081cf0f672cbed5b6a5	—	2023-09-18
FileHash-SHA256	cf3a7d4285d65bf8688215407bce1b51d7c6b22497f09021f0fce31cbeb78986	—	2023-09-18
FileHash-SHA256	d4ba16db7c26622d2d402cb9714331abfee891b6276d16e6c2f2132e8944cc71	—	2023-09-18
FileHash-SHA256	16860fc685ea0dee91e65e253062153ac6c886fdd73a3020c266601f58038a61	—	2023-09-18
FileHash-SHA256	b93484683014aca8e909c9b5648d8f0ac21a45d0c193f6ca40f0b01d2464c1c4	—	2023-09-18
FileHash-SHA256	20691ff3c9474cfd7bf6fa3f8720eb7326e6f87f64a1f190861589c1e7397fa5	—	2023-09-18
FileHash-SHA256	8d9bb878a18b2b7ef558504e78a59eb644f83a63679658533ff8accf0b85fda3	—	2023-09-18
FileHash-SHA256	64e8744b39e15b76311733014327311acd77330f8a135132f020eac78199ac8a	—	2023-09-18
FileHash-SHA256	030cbd1a51f8583ccfc3fa38a28a5550dc1c84c05d6c0f5eb887d13dedf1da01	—	2023-09-18
FileHash-SHA256	0fc624aa9656a8bc21731bfc47fd7780da38a7e8ad7baf1529ccd70a5bb07852	—	2023-09-18

References (1)

↗ https://unit42.paloaltonetworks.com/turla-pensive-ursa-threat-assessment/