Emerging Threats
Actor | 2017, 2014
Turla
5 Rules
5 References
2 Folders
Latest: 2025-10-19
Summary
Turla is tracked here as a threat actor, intrusion set, or campaign with 5 Sigma detections spanning 2017 and 2014. Coverage centers on windows / process_creation, windows / system, and windows / pipe_created.
Related Detections
Emerging Threat | critical | test
Turla Group Commands May 2020
Detects commands used by Turla group as reported by ESET in May 2020
Windows | Process Creation
TA0004 · Privilege Escalation | TA0003 · Persistence | TA0005 · Stealth | G0010 · Turla | +5
Florian Roth (Nextron Systems) | Tue May 26 | 2014
Emerging Threat | critical | test
Turla Group Lateral Movement
Detects automated lateral movement by Turla group
Windows | Process Creation
G0010 · Turla | TA0002 · Execution | T1059 · Command and Scripting Interpreter | TA0008 · Lateral Movement | +5
Markus Neis | Tue Nov 07 | 2014
Emerging Threat | critical | test
Turla PNG Dropper Service
This method detects malicious services mentioned in Turla PNG dropper report by NCC Group in November 2018
Windows | system
TA0004 · Privilege Escalation | TA0003 · Persistence | G0010 · Turla | T1543.003 · Windows Service | +1
Florian Roth (Nextron Systems) | Fri Nov 23 | 2017
Emerging Threat | high | test
Turla Service Install
This method detects a service install of malicious services mentioned in Carbon Paper - Turla report by ESET
Windows | system
TA0004 · Privilege Escalation | TA0003 · Persistence | G0010 · Turla | T1543.003 · Windows Service | +1
Florian Roth (Nextron Systems) | Fri Mar 31 | 2017
Emerging Threat | critical | test
Turla Group Named Pipes
Detects a named pipe used by Turla group samples
Windows | Named Pipe Created
G0010 · Turla | TA0002 · Execution | T1106 · Native API | detection.emerging-threats
Markus Neis | Mon Nov 06 | 2017
References