Turla's Modern Penguin

There are a lot of really great resources out there about APTs and how they operate, my favorite being https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections. In there you will find more information than you could ever want to know about APT operations, what they are capable of, and how they operate. The list of references in there is excellent and contains other folks' collections; I especially like Mitre's work. You could easily spend your entire career reading these reports and writing more reports off of them, and if you are into that, plenty of people do.

However, we're here to become APTs, so spend some time learning about them and try to find some favorites to stan. I'm a big Turla guy myself, but there's a lot of very interesting information out there that will give you all the information you need to replicate anyone's capabilities (given a few million dollars and a few dozen headcount of elite programmers, operators, and analysts).

For this adventure we are going to be roughly recreating Turla's Penguin backdoor, so read this report for a representative example of how in-depth malware analysis can be: https://github.com/blackorbird/APT_REPORT/blob/master/Turla/Malware%20Technical%20Insight%20_Turla%20%E2%80%9CPenquin_x64%E2%80%9D.pdf

Last modified: Friday, 8 January 2021, 9:44 AM