# Infrastructure for Turla Evaluation
The Turla infrastructure is split over two scenarios, Scenario 1 (Carbon) and Scenario 2 (Snake). For convenience, both scenarios share supporting infrastructure, including the attacker platform, DNS, mail server, and traffic forwarding hosts.
Initial infrastructure was set up using Terraform, with configuration applied via scripts and configuration files.
# Infrastructure Overview
This document provides an overview of the infrastructure support used for the evaluation. In addition to setup and configuration of virtual machines, this document covers infrastructure support services, such as DNS, mail, and traffic redirection, used to support the evaluation. The Carbon and Snake scenarios both shared the same set of support services for efficiency.
Any reference to scenario or range hosts refers to all Carbon and Snake hosts, unless otherwise specified.
# Scenario VMs
# Carbon
The Carbon scenario consists of six virtual machines, all joined to the `skt.local` Windows domain.
# Snake
The Snake scenario consists of five virtual machines, all joined to the `nk.local` Windows domain.
# Support Hosts
# Red Team Hosts
# Network Services
Beyond the VMs in scope for vendor security software during the evaluation, additional hosts were required to provide the full complement of services needed to emulate the scenario.
# Network Diagram
The diagram below shows the layout of both scenario networks, attack platform, and support hosts.
# TLS Certificates
A self-signed certificate authority was generated to emulate a legitimately assigned TLS certificate for the domain svobodaukrayin[.]ua. See the Certificate Authority page for further details on how the certificates were created and configured.
# Domains Used
# Email Flow
Email services used Microsoft Exchange 2019 for email processing for each scenario domain, with Postfix used as the external email server. More details are provided in the Email Flow page.
# Windows Service (Carbon Scenario Only)
The Carbon Windows VMs had a custom Windows Service installed, Viper VPN Service. Details of the service code and configuration are provided in the linked document.