title: Turla ComRAT
id: 7857f021-007f-4928-8b2c-7aedbe64bb82
status: test
description: Detects Turla ComRAT patterns
author: Florian Roth
references:
  - https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf
date: 2020/05/26
modified: 2021/11/27
logsource:
  category: proxy
detection:
  selection:
    c-uri|contains: '/index/index.php?h='
  condition: selection
falsepositives:
  - Unknown
level: high
tags:
  - attack.defense_evasion
  - attack.command_and_control
  - attack.t1071.001
  - attack.g0010