
TinyTurla

TinyTurla is a backdoor that has been used by Turla against targets in the US, Germany, and Afghanistan since at least 2020.[1]

ID: S0668
Type: MALWARE
Platforms: Windows
Contributors: Kyaw Pyiyt Htet, @KyawPyiytHtet; Massimiliano Romano, BT Security
Version: 1.1
Created: 02 December 2021
Last Modified: 16 April 2025

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | TinyTurla can use HTTPS in C2 communications.[1] |
| Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | TinyTurla has been installed using a .bat file.[1] |
| Enterprise | T1005 | Data from Local System | TinyTurla can upload files from a compromised host.[1] |
| Enterprise | T1573.002 | Encrypted Channel: Asymmetric Cryptography | TinyTurla has the ability to encrypt C2 traffic with SSL/TLS.[1] |
| Enterprise | T1008 | Fallback Channels | TinyTurla can go through a list of C2 server IPs and will try to register with each until one responds.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | TinyTurla has the ability to act as a second-stage dropper used to infect the system with additional malware.[1] |
| Enterprise | T1036.004 | Masquerading: Masquerade Task or Service | TinyTurla has mimicked an existing Windows service by being installed as Windows Time Service.[1] |
| Enterprise | T1036.005 | Masquerading: Match Legitimate Resource Name or Location | TinyTurla has been deployed as w64time.dll to appear legitimate.[1] |
| Enterprise | T1112 | Modify Registry | TinyTurla can set its configuration parameters in the Registry.[1] |
| Enterprise | T1106 | Native API | TinyTurla has used WinHTTP, CreateProcess, and other APIs for C2 communications and other functions.[1] |
| Enterprise | T1027.011 | Obfuscated Files or Information: Fileless Storage | TinyTurla can save its configuration parameters in the Registry.[1] |
| Enterprise | T1012 | Query Registry | TinyTurla can query the Registry for its configuration information.[1] |
| Enterprise | T1029 | Scheduled Transfer | TinyTurla contacts its C2 based on a scheduled timing set in its configuration.[1] |
| Enterprise | T1569.002 | System Services: Service Execution | TinyTurla can install itself as a service on compromised machines.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0010 | Turla | [1] |

References
