The Russian cyber espionage threat group “Turla APT group” has been discovered using a new backdoor in its malicious operations. The backdoor has been named “TinyTurla-NG” (TTNG) and shares similarities with a previously disclosed implant, TinyTurla, in coding style and functionality implementation. In addition to this task execution, the backdoor also accepts the following command codes from the C2 as part of the administration of the implant or for file management.
Disclaimer: This article is part of X-Force OSINT Advisories’ automated collection to enable faster integration of open-source articles to client environments. All credit and copyright goes to the original authors.
Reference: https://gbhackers.com/turla-aptc-new-tool/
Sample Indicators of Compromise:
buy-new-car.com
thefinetreats.com
carleasingguru.com
caduff-sa.ch
d6ac21a409f35a80ba9ccfe58ae1ae32883e44ecc724e4ae8289e7465ab2cf40