Trusted Design

Satellite Turla: APT Command and Control in the Sky

概要

Also known as Snake or Uroburos, names which come from its top class rootkit, the Turla cyber-espionage group has been active for more than 8 years. Several papers have been published about the group’s operations, but until the Epic Turla research was published by Kaspersky Lab, little information was available about the more unusual aspects of their operations, such as the first stages of infection through watering-hole attacks. What makes the Turla group special is not just the complexity of its tools, which include the Uroboros rootkit, aka “Snake”, as well as mechanisms designed to bypass air gaps through multi-stage proxy networks inside LANs, but the exquisite satellite-based C&C mechanism used in the latter stages of the attack.

Created: 2026-02-23

Indicators

• hostname - downtown.crabdance.com -
• hostname - fifa-rules.25u.com -
• hostname - health-everyday.faqserv.com -
• hostname - marketplace.servehttp.com -
• hostname - greateplan.ocry.com -
• hostname - softstream.strangled.net -
• hostname - hockey-news.servehttp.com -
• FileHash-MD5 - f5916f8f004ffb85e93b4d205576a247 -
• hostname - telesport.mooo.com -
• FileHash-MD5 - 0328dedfce54e185ad395ac44aa4223c -
• hostname - supernews.sytes.net -
• hostname - weather-online.hopto.org -
• hostname - accessdest.strangled.net -
• hostname - newgame.2waky.com -
• hostname - nhl-blog.servegame.com -
• hostname - supernews.instanthq.com -
• FileHash-MD5 - e29a3cc864d943f0e3ede404a32f4189 -
• hostname - eurovision.chickenkiller.com -
• hostname - tiger.got-game.org -
• hostname - industrywork.mooo.com -
• hostname - newutils.3utilities.com -
• hostname - wintersport.mrbasic.com -
• hostname - leagueoflegends.servequake.com -
• FileHash-MD5 - 594cb9523e32a5bbf4eb1c491f06d4f9 -
• hostname - easport-news.publicvm.com -
• hostname - olympik-blog.4dq.com -
• FileHash-MD5 - 18da7eea4e8a862a19c8c4f10d7341c0 -
• FileHash-MD5 - 49d6cf436aa7bc5314aa4e78608872d8 -
• hostname - pressforum.serveblog.net -
• FileHash-MD5 - d5bd7211332d31dcead4bfb07b288473 -
• hostname - x-files.zapto.org -
• hostname - mediahistory.linkpc.net -
• hostname - sealand.publicvm.com -
• FileHash-MD5 - b0a1301bc25cfbe66afe596272f56475 -
• hostname - supercar.ignorelist.com -
• hostname - highhills.ignorelist.com -
• hostname - top-facts.sytes.net -
• FileHash-MD5 - d6211fec96c60114d41ec83874a1b31d -
• hostname - track.strangled.net -
• FileHash-MD5 - bcfee2fb5dbc111bfa892ff9e19e45c1 -
• hostname - sportnewspaper.strangled.net -
• hostname - new-book.linkpc.net -
• hostname - securesource.strangled.net -
• hostname - chinafood.chickenkiller.com -
• hostname - coldriver.strangled.net -
• hostname - music-world.servemp3.com -
• hostname - onlineshop.sellclassics.com -
• hostname - goldenroade.strangled.net -
• hostname - bug.ignorelist.com -
• hostname - developarea.mooo.com -
• hostname - sportacademy.my03.com -
• FileHash-MD5 - a44ee30f9f14e156ac0c2137af595cf7 -
• hostname - cars-online.zapto.org -
• hostname - wargame.ignorelist.com -
• hostname - nightstreet.toh.info -
• hostname - forum.sytes.net -
• hostname - bookstore.strangled.net -
• FileHash-MD5 - 2a7670aa9d1cc64e61fd50f9f64296f9 -
• hostname - radiobutton.mooo.com -

類似Pulses

• Analysis of Project Cobra (2015) (score: 0.68)
• Turla / Pfinet / Snake/ Uroburos (2014) (score: 0.68)
• BBSRAT Attacks Targeting Russian Orgs Linked to Roaming Tiger (score: 0.59)
• BBSRAT Attacks Targeting Russian Organizations (score: 0.59)
• The Epic Turla Operation: Solving some of the mysteries of Snake/Uroboros (2014) (score: 0.55)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る