Turla

216.73.217.22

· Published 16/12/2025 19:39 · Modified 04/05/2026 16:33 · Source: The MITRE Corporation

Essential information

Confidence: 100/100
Published: 16/12/2025 19:39
Modified: 04/05/2026 16:33
Updated at: 04/05/2026 16:33
Revoked: No
Author / Source: The MITRE Corporation
Resource level: —
Primary motivation: —
Related entities: 5 reports, 132 attack patterns (mitre), 39 malware, 8 sectors, 7 countries, 100 indicators, 2 vulnerabilities (cve), 12 tool

Aliases

IRON HUNTER Group 88 Waterbug WhiteBear Snake Krypton Venomous Bear BELUGASTURGEON Secret Blizzard

Description

[Turla](https://attack.mitre.org/groups/G0010) is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least 2004, spanning a range of industries including government, embassies, military, education, research and pharmaceutical companies. [Turla](https://attack.mitre.org/groups/G0010) is known for conducting watering hole and spearphishing campaigns, and leveraging in-house tools and malware, such as [Uroburos](https://attack.mitre.org/software/S0022).(Citation: Kaspersky Turla)(Citation: ESET Gazer Aug 2017)(Citation: CrowdStrike VENOMOUS BEAR)(Citation: ESET Turla Mosquito Jan 2018)(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023)

Marking (TLP)

External references

Related entities

9b97e740b65bc609210f095cd9407c990a9f71f580f001ea07300228c5256d62 related
1c1bb64e38c3fbe1a8f0dcb94ded96b332296bcbf839de438a4838fb43b20af3 related
8168dc0baea6a74120fbabea261e83377697cb5f9726a2514f38ed04b46c56c8 related
7c7fad6b9ecb1e770693a6c62e0cc4183f602b892823f4a451799376be915912 related
b262292e049ee75d235164df98fa8ed09a9e2a30c5432623856bafd4bd44d801 related
hcdh-tunisie.org related
bd7dbaf91ba162b6623292ebcdd2768c5d87e518240fe8ca200a81e9c7f01d76 related
www.baltdefcol.org related
http://www.simplifiedhomesales.com/wp-includes/images/index.php related
mail.lechateaudelatour.fr related
b6abbeab6e000036c6cdffc57c096d796397263e280ea264eba73ac5bab39441 related
f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd9a0c11cb15c43de33bbce0bf68 related
portal.northernfruit.com related
009406c1c7c0b289a25d44dfaa8364633d9b71df5f3c7a65deec1ef00a8c2ebb related
crusider.tk related
aba8b59281faa8c1c43a4ca7af075edd3e3516d3cef058a1f43b093177b8f83c related
mail.kzp.bg related
http://files.philbendeck.com/article/ related
branter.tk related
duke6.tk related
arianeconseil.online related
0fc624aa9656a8bc21731bfc47fd7780da38a7e8ad7baf1529ccd70a5bb07852 related
www.berlinguas.com related
b376a3a6bae73840e70b2fa3df99d881def9250b42b6b8b0458d0445ddfbc044 related
5e122ff3066b6ef2a89295df925431c151f1713708c99772687a30c3204064bd related
baltdefcol.webredirect.org related
493e5fae191950b901764868b065ddddffa4f4c9b497022ee2f998b4a94f0fc2 related
gaismustudija.lv related
e33580ae3df9d27d7cfb7b8f518a2704e55c92dd74cbbab8ef58ddfd36524cc8 related
http://files.philbendeck.com/help/ related
7a7d11adbcb740323eb52b097f535cfa5c281bf07a4d5c4afb0c5182fa4ffd1b related
www.adelaida.ua related
mail.lebsack.de related
https://icw2016.coachfederation.cz/wp-includes/images/wp/ related
http://octoberoctopus.co.za/wp-includes/sitemaps/web/ related
134919151466c9292bdcb7c24c32c841a5183d880072b0ad5e8b3a3a830afef8 related
2164d54c415b48e906ad972a14d45c82af7cab814c6cf11729a994249690ed97 related
mail.arlingtonhousing.us related
dfdc0318f3dc5ba3f960b1f338b638cd9645856d2a2af8aa33ea0f9979a9ca4c related
www.balletmaniacs.com related
http://sansaispa.com/wp-includes/images/gallery/ related
https://185.126.255.132/requestor.php related
caduff-sa.chjeepcarlease.com related
mail.aet.in.ua related
19b7ddd3b06794abe593bf533d88319711ca15bb0a08901b4ab7e52aab015452 related
13fafb1ae2d5de024e68f2e2fc820bc79ef0690c40dbfd70246bcc394c52ea20 related
ee8ef58f3bf0dab066eb608cb0f167b1585e166bf4730858961c192860ceffe9 related
mail.numina.md related
https://socprime.com/blog/uac-0149-attack-detection-hackers-launch-a-targeted-attack-against-the-armed-forces-of-ukraine-as-cert-ua-reports/ related
564b2a3083e55933e4ce68b87c5e268c88d58f7ab41839e5a6e0c728a58e9cf2 related
29b1da7b17a7ba3e730e6927058d0554a8bc81bdef88e364097fab0bb1950edc related
809cc49746fd6e5892b9a00a1fef8467f9e80db2 related
manager.surro.am related
files.philbendeck.com related
a3170c32c09fc85cdda778a5c20a3dab144b6d1dd9996ba8340866e0081c7642 related
thedarktower.av.master.dns-cloud.net related
1c97f92a144ac17e35c0e40dc89e12211ef5a7d5eb8db57ab093987ae6f3b9dc related
carleasingguru.com related
www.gallen.fi related
http://www.bombheros.com/wp-content/languages/index.php related
sansaispa.com related
a56703e72f79b4ec72b97c53fbd8426eb6515e3645cb02e7fc99aaaea515273e related
octoberoctopus.co.za related
https://plagnol-charpentier.fr/wp-includes/random_compat/random_compata0zW7Q related
connectotels.net related
https://citactica.com/wp-content/wp-login.php related
http://files.philbendeck.com/ related
6536b6b50aa1f6899ffa90aaf4b1b67c0ae0f6c0441016f5308b37c12141c61d related
00352afc7e7863530e4d68be35ae8b60261fc57560167645697b7bfc0ac0e93d related
wkoinfo.webredirect.org related
185.126.255.132 related
c039ec6622393f9324cacbf8cfaba3b7a41fe6929812ce3bd5d79b0fdedc884a related
http://files.philbendeck.com/file/ related
cac4d4364d20fa343bf681f6544b31995a57d8f69ee606c4675db60be5ae8775 related
87663affd147065d08d4fe76d9a18b0d7d85fab68cf9f5ac96cfdfff3f27ffd2 related
http://mtsoft.hol.es/wp-content/gallery/ related
d26ac1a90f3b3f9e11491f789e55abe5b7d360df77c91a597e775f6db49902ea related
atomydoc.kg related
20691ff3c9474cfd7bf6fa3f8720eb7326e6f87f64a1f190861589c1e7397fa5 related
ced8891ea8d87005de989f25f0f94634d1fc70ebb37302cf21aa0c0b0e13350f related
69908f05b436bd97baae56296bf9b9e734486516f9bb9938c2b8752e152315d4 related
fc68026b83392aa227e9adf9c71289cb51ba03427f6de67a73ae872e19ef6ff9 related
16860fc685ea0dee91e65e253062153ac6c886fdd73a3020c266601f58038a61 related
08803510089c8832df3f6db57aded7bfd2d91745e7dd44985d4c9cb9bd5fd1d2 related
lakihelppi.com related
f3aaa091fdbc8772fb7bd3a81665f4d33c3b62bf98caad6fee4424654ba26429 related
jadlactnato.webredirect.org related
http://mail.aet.in.ua/outlook/api/logoff.aspx related
b93484683014aca8e909c9b5648d8f0ac21a45d0c193f6ca40f0b01d2464c1c4 related
2b969111dd1968d47b02d6390c92fb622cd03570b02ecf9215031ff03611a2b7 related
00256c7fd9a36c6a4805c467b15b3a72dbac2e6dbd12abe7d768f20ce6c8f09f related
046f11a6c561e46e6bf199ab7f50e74a4d2aaead68cdbd6ce44b37b5b4964758 related
7c4ef30bd1b5cb690d2603e33264768e3b42752660c79979a5db80816dfb2ad2 related
29314f3cd73b81eda7bd90c66f659235e6bb900e499c9cc7057d10a9083a0b94 related
b51105c56d1bf8f98b7e924aa5caded8322d037745a128781fa0bc23841d1e70 related
kav-certificates.info related
https://brauche-it.de/wp-includes/blocks/blocksu9ky0o related
15f5e4808549ff67a79f84e23659da912ebbc1dc7c7b100c12b72384a27e412a related
7d5794ad91351c7c5d7fbad8e83e3b71a09baac65fb09ca75d8d18339d24a46f related
http://files.philbendeck.com/about/ related

Turla

Essential information

Aliases

Description

Marking (TLP)

External references

Related entities

Reports (5)

Attack patterns (MITRE) (132)

Malware (39)

Sectors (8)

Countries (7)

Indicators (100)

Vulnerabilities (CVE) (2)

Tool (12)