Collection of literature around Turla espionage group

Index:

Open Source Intelligence reports for activity attributed to Turla espionage group

Open Source Intelligence reports for activity attributed to Turla espionage group

A consolidated list of reports that describe Turla activities

Different names given to this group by vendors:

Turla (ESET, Cisco Talos)
Waterbug (Symantec)

index	URL	Date Published
1	http://blog.threatexpert.com/2008/11/agentbtz-threat-that-hit-pentagon.html	2008-11-30
2	https://public.gdatasoftware.com/Web/Content/INT/Blog/2014/02_2014/documents/GData_Uroburos_RedPaper_EN_v1.pdf	2014-02-01
3	https://securelist.com/the-epic-turla-operation/65545/	2014-08-07
4	https://www.gdatasoftware.com/blog/2015/01/23927-evolution-of-sophisticated-spyware-from-agent-btz-to-comrat	2015-01-15
5	https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081/	2015-09-05
6	https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf	2016-01-14
7	https://www.melani.admin.ch/dam/melani/en/dokumente/2016/technical%20report%20ruag.pdf.download.pdf/Report_Ruag-Espionage-Case.pdf	2016-05-23
8	https://securelist.com/kopiluwak-a-new-javascript-payload-from-turla/77429/	2017-02-02
9	https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/	2017-03-30
10	https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/	2017-06-06
11	https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack	2017-08-17
12	https://www.carbonblack.com/2017/08/18/threat-analysis-carbon-black-threat-research-dissects-png-dropper/	2017-08-18
13	https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf	2017-08-XX
14	https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf	2018-01-XX
15	https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/	2018-05-22
16	https://www.welivesecurity.com/2018/08/22/turla-unique-outlook-backdoor/	2018-08-22
17	https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/	2018-11-22
18	https://www.welivesecurity.com/2019/05/07/turla-lightneuron-email-too-far/	2019-05-07
19	https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/	2019-05-29
20	https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/waterbug-espionage-governments	2019-06-20
21	https://securelist.com/turla-renews-its-arsenal-with-topinambour/91687/	2019-07-15
22	https://www.welivesecurity.com/2020/03/12/tracking-turla-new-backdoor-armenian-watering-holes/	2020-03-12
23	https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/	2020-05-26
24	https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity	2020-10-27
25	https://us-cert.cisa.gov/ncas/current-activity/2020/10/29/cisa-fbi-and-cnmf-identify-new-malware-variant-comrat	2020-10-29
26	https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/	2020-12-02
27	https://unit42.paloaltonetworks.com/ironnetinjector/	2021-02-19
28	https://blog.talosintelligence.com/2021/09/tinyturla.html	2021-09-21
29	https://blog.sekoia.io/turla-new-phishing-campaign-eastern-europe/	2022-05-23

tags: #threat intelligence