Turla

Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.

3 syscalls cited

NtTestAlert
Tests whether the calling thread has a pending alert and, if so, delivers any queued user-mode APCs.
NtSetSystemInformation
Generic kernel setter selected by SYSTEM_INFORMATION_CLASS — gateway to SystemDebugControl, GDI driver loading and more.
NtCreateKey
Creates or opens a registry key — the kernel-level primitive behind every persistence beacon written to the registry.