Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 16:51:08 UTC
Home > List all groups > List all tools > List all groups using tool Uroburos
 Tool: Uroburos
Names
Uroburos
Urouros
Turla
Snake
Category Malware
Type Rootkit, Backdoor, Info stealer, Exfiltration
Description
(G Data) Uroburos is a rootkit, composed of two files, a driver and an encrypted virtual file system. The rootkit is abl
control of an infected machine, execute arbitrary commands and hide system activities. It can steal information (most
files) and it is also able to capture network traffic. Its modular structure allows extending it with new features easily, w
makes it not only highly sophisticated but also highly flexible and dangerous. Uroburos' driver part is extremely comp
is designed to be very discrete and very difficult to identify.
Information
MITRE ATT&CK Malpedia
AlienVault OTX Last change to this tool card: 21 June 2023
Download this tool card in JSON format
All groups using tool Uroburos
Changed Name Country Observed
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6f442433-7a6d-4492-b57e-5e69266de853
Page 1 of 2

APT groups
  Turla, Waterbug, Venomous Bear 1996-2024  
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6f442433-7a6d-4492-b57e-5e69266de853
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6f442433-7a6d-4492-b57e-5e69266de853
Page 2 of 2