{ "id": "79cce9a9-e874-4d43-8d79-1d8df7408673", "created_at": "2026-04-06T00:09:15.444338Z", "updated_at": "2026-04-10T13:12:00.490302Z", "deleted_at": null, "sha1_hash": "f84083ad9f0109d7e61114eb24432931c8d65924", "title": "Sorry - the page you're looking for has been removed", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 211255, "plain_text": "Sorry - the page you're looking for has been removed\r\nPublished: 2022-07-19 ยท Archived: 2026-04-05 14:41:46 UTC\r\nAbout NCSC\r\nReport an incident\r\nContact us\r\nAdvice \u0026 guidance\r\nOur advice \u0026 guidance covers a broad range of topics\r\nFind information for...\r\nYou \u0026 your family\r\nSmall \u0026 medium sized organisations\r\nLarge organisations\r\nSelf employed \u0026 sole traders\r\nPublic sector\r\nCyber security professionals\r\nAll advice and guidance articles\r\nPopular topics\r\nActive Cyber Defence\r\nCritical National Infrastructure (CNI)\r\nPasswords\r\nPhishing\r\nAll topics\r\nOther resources\r\nGlossary of terms\r\nInfographics\r\nVerify an NCSC contact\r\nHeightened cyber threat information\r\nCyber Governance for Boards\r\nRespond to a cyber attack\r\nResources for individuals and organisations in the UK who have experienced an online scam or cyber\r\nattack.\r\nhttps://www.ncsc.gov.uk/alerts/turla-group-malware\r\nPage 1 of 4\n\nAffecting you or your family\r\nOverview\r\nHacked account\r\nSuspicious messages\r\nLost money online\r\nDevice behaving strangely\r\nView more...\r\nAffecting your small business\r\nOverview\r\nSuspicious messages\r\nHacked account\r\nBusiness payment fraud\r\nInfected device\r\nView more...\r\nAffecting your organisation\r\nOverview\r\nRansomware attack\r\nBrand impersonation\r\nDenial of service (DoS) attack\r\nMalware\r\nView more...\r\nFind a product or service\r\nFind a range of products \u0026 services from NCSC and certified 3rd party suppliers\r\nIn this section\r\nOverview\r\nBrowse cyber security services\r\nNCSC assured services\r\nAssuring technology\r\nSearch assured providers\r\nCyber Essentials\r\nUseful links\r\nActive Cyber Defence services\r\nMyNCSC\r\nhttps://www.ncsc.gov.uk/alerts/turla-group-malware\r\nPage 2 of 4\n\nEducation \u0026 skills\r\nWorking with industry, government and academia to support the next generation of researchers, students\r\nand cyber security professionals\r\nFind information for...\r\nSchools\r\nHigher education\r\nProfessional skills training\r\nWorking with the NCSC\r\nResearch \u0026 academia\r\nEducation \u0026 academia resources\r\nCyberFirst\r\nCyberSprinters (7-11 year olds)\r\nCyberFirst Navigators (11-14 year olds)\r\nTraining resources for school staff\r\nResources for higher education institutions\r\nCyber Security Body of Knowledge (CyBOK)\r\nIndustry \u0026 skill resources\r\nCYBERUK 2026\r\nNCSC for StartUps\r\nIndustry 100\r\nCyber League\r\nNews\r\nAll the latest information to help you keep track of what's happening\r\nIn this section\r\nNews\r\nBlogs\r\nSpeeches\r\nReports \u0026 advisories\r\nMalware analysis reports\r\nCYBERUK 2026\r\nStay up to date\r\nhttps://www.ncsc.gov.uk/alerts/turla-group-malware\r\nPage 3 of 4\n\nSubscribe\r\nAbout NCSC\r\nReport an incident\r\nContact us\r\nThe contents were out of date or replaced, but you can still access the information via The National Archives\r\nwebsite. Details how to do this below.\r\nShare and print this article\r\nPublished\r\nPublish date\r\n19 July 2022\r\nSource: https://www.ncsc.gov.uk/alerts/turla-group-malware\r\nhttps://www.ncsc.gov.uk/alerts/turla-group-malware\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA", "Malpedia" ], "origins": [ "web" ], "references": [ "https://www.ncsc.gov.uk/alerts/turla-group-malware" ], "report_names": [ "turla-group-malware" ], "threat_actors": [ { "id": "8aaa5515-92dd-448d-bb20-3a253f4f8854", "created_at": "2024-06-19T02:03:08.147099Z", "updated_at": "2026-04-10T02:00:03.685355Z", "deleted_at": null, "main_name": "IRON HUNTER", "aliases": [ "ATK13 ", "Belugasturgeon ", "Blue Python ", "CTG-8875 ", "ITG12 ", "KRYPTON ", "MAKERSMARK ", "Pensive Ursa ", "Secret Blizzard ", "Turla", "UAC-0003 ", "UAC-0024 ", "UNC4210 ", "Venomous Bear ", "Waterbug " ], "source_name": "Secureworks:IRON HUNTER", "tools": [ "Carbon-DLL", "ComRAT", "LightNeuron", "Mosquito", "PyFlash", "Skipper", "Snake", "Tavdig" ], "source_id": "Secureworks", "reports": null }, { "id": "a97cf06d-c2e2-4771-99a2-c9dee0d6a0ac", "created_at": "2022-10-25T16:07:24.349252Z", "updated_at": "2026-04-10T02:00:04.949821Z", "deleted_at": null, "main_name": "Turla", "aliases": [ "ATK 13", "Belugasturgeon", "Blue Python", "CTG-8875", "G0010", "Group 88", "ITG12", "Iron Hunter", "Krypton", "Makersmark", "Operation Epic Turla", "Operation Moonlight Maze", "Operation Penguin Turla", "Operation Satellite Turla", "Operation Skipper Turla", "Operation Turla Mosquito", "Operation WITCHCOVEN", "Pacifier APT", "Pensive Ursa", "Popeye", "SIG15", "SIG2", "SIG23", "Secret Blizzard", "TAG-0530", "Turla", "UNC4210", "Venomous Bear", "Waterbug" ], "source_name": "ETDA:Turla", "tools": [ "ASPXSpy", "ASPXTool", "ATI-Agent", "AdobeARM", "Agent.BTZ", "Agent.DNE", "ApolloShadow", "BigBoss", "COMpfun", "Chinch", "Cloud Duke", "CloudDuke", "CloudLook", "Cobra Carbon System", "ComRAT", "DoublePulsar", "EmPyre", "EmpireProject", "Epic Turla", "EternalBlue", "EternalRomance", "GoldenSky", "Group Policy Results Tool", "HTML5 Encoding", "HyperStack", "IcedCoffee", "IronNetInjector", "KSL0T", "Kapushka", "Kazuar", "KopiLuwak", "Kotel", "LOLBAS", "LOLBins", "LightNeuron", "Living off the Land", "Maintools.js", "Metasploit", "Meterpreter", "MiamiBeach", "Mimikatz", "MiniDionis", "Minit", "NBTscan", "NETTRANS", "NETVulture", "Neptun", "NetFlash", "NewPass", "Outlook Backdoor", "Penquin Turla", "Pfinet", "PowerShell Empire", "PowerShellRunner", "PowerShellRunner-based RPC backdoor", "PowerStallion", "PsExec", "PyFlash", "QUIETCANARY", "Reductor RAT", "RocketMan", "SMBTouch", "SScan", "Satellite Turla", "SilentMoon", "Sun rootkit", "TTNG", "TadjMakhal", "Tavdig", "TinyTurla", "TinyTurla Next Generation", "TinyTurla-NG", "Topinambour", "Tunnus", "Turla", "Turla SilentMoon", "TurlaChopper", "Uroburos", "Urouros", "WCE", "WITCHCOVEN", "WhiteAtlas", "WhiteBear", "Windows Credential Editor", "Windows Credentials Editor", "Wipbot", "WorldCupSec", "XTRANS", "certutil", "certutil.exe", "gpresult", "nbtscan", "nbtstat", "pwdump" ], "source_id": "ETDA", "reports": null }, { "id": "a97fee0d-af4b-4661-ae17-858925438fc4", "created_at": "2023-01-06T13:46:38.396415Z", "updated_at": "2026-04-10T02:00:02.957137Z", "deleted_at": null, "main_name": "Turla", "aliases": [ "TAG_0530", "Pacifier APT", "Blue Python", "UNC4210", "UAC-0003", "VENOMOUS Bear", "Waterbug", "Pfinet", "KRYPTON", "Popeye", "SIG23", "ATK13", "ITG12", "Group 88", "Uroburos", "Hippo Team", "IRON HUNTER", "MAKERSMARK", "Secret Blizzard", "UAC-0144", "UAC-0024", "G0010" ], "source_name": "MISPGALAXY:Turla", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "d11c89bb-1640-45fa-8322-6f4e4053d7f3", "created_at": "2022-10-25T15:50:23.509601Z", "updated_at": "2026-04-10T02:00:05.277674Z", "deleted_at": null, "main_name": "Turla", "aliases": [ "Turla", "IRON HUNTER", "Group 88", "Waterbug", "WhiteBear", "Krypton", "Venomous Bear", "Secret Blizzard", "BELUGASTURGEON" ], "source_name": "MITRE:Turla", "tools": [ "PsExec", "nbtstat", "ComRAT", "netstat", "certutil", "KOPILUWAK", "IronNetInjector", "LunarWeb", "Arp", "Uroburos", "PowerStallion", "Kazuar", "Systeminfo", "LightNeuron", "Mimikatz", "Tasklist", "LunarMail", "HyperStack", "NBTscan", "TinyTurla", "Penquin", "LunarLoader" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434155, "ts_updated_at": 1775826720, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f84083ad9f0109d7e61114eb24432931c8d65924.pdf", "text": "https://archive.orkl.eu/f84083ad9f0109d7e61114eb24432931c8d65924.txt", "img": "https://archive.orkl.eu/f84083ad9f0109d7e61114eb24432931c8d65924.jpg" } }