# TinyTurla ## Descrição [[s0668-tinyturla|TinyTurla]] é um backdoor utilizado pelo [[g0010-turla|Turla]] contra alvos nos Estados Unidos, Alemanha e Afeganistão desde pelo menos 2020. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1573-002-asymmetric-cryptography|T1573.002 - Asymmetric Cryptography]] - [[t1106-native-api|T1106 - Native API]] - [[t1036-005-match-legitimate-resource-name-or-location|T1036.005 - Match Legitimaté Resource Name or Location]] - [[t1569-002-service-execution|T1569.002 - Service Execution]] - [[t1112-modify-registry|T1112 - Modify Registry]] - [[t1059-003-windows-command-shell|T1059.003 - Windows Command Shell]] - [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]] - [[t1027-011-fileless-storage|T1027.011 - Fileless Storage]] - [[t1036-004-masquerade-task-or-service|T1036.004 - Masquerade Task or Service]] - [[t1029-scheduled-transfer|T1029 - Scheduled Transfer]] - [[t1012-query-registry|T1012 - Query Registry]] - [[t1008-fallback-channels|T1008 - Fallback Channels]] - [[t1005-data-from-local-system|T1005 - Data from Local System]] - [[t1071-001-web-protocols|T1071.001 - Web Protocols]] ## Grupos que Usam - [[g0010-turla|Turla]] --- *Fonte: [MITRE ATT&CK - S0668](https://attack.mitre.org/software/S0668)*