← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
To the Moon and back(doors): Lunar landing in diplomatic missions
WHITE Turla bluenumberone 2024-05-16 Modified: 2024-06-15
347
IOCs
HIGH VOLUME
ESET Research has identified two backdoors used by the infamous Russian-aligned cyberespionage group, Turla, to compromise European diplomatic institutions in the Middle East and other parts of the world.
lunarweblunarmailstrongc servereset researchturlastageoutlookaes256httppowershellpersistencewin64formatfirsttipssnakedefensesmskeystagesloaderlightneuronexecutioneburywebglobelunarloadergazer loaderwelivesecuritycryptocompromiseltmanagercarbongazermosquitoarmeniastardllinjectordroppercomratcrutchfooter
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Turla Webglobe LunarLoader LunarWeb LunarMail
Indicators of Compromise (59 / 347 total)
All hostname URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain email
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 06bd89448a10aa5c2f4ca46b4709a879 MD5 of 228da957a9ed661e17e00efba8e923fd17fae054 2024-05-16
FileHash-MD5 080b2ce7188547c1e9ad1b8089467261 MD5 of e441cc1547b18bba76d2a8bd4d0f644ad5388082 2024-05-16
FileHash-MD5 0952b0efe7c2099100904dc787825061 MD5 of 620a669ec0451c9f079fb4731f254ac577902e5e 2024-05-16
FileHash-MD5 0ab62a3e02a036d81a64dac9e6b53533 MD5 of cde4d12ef9f70988c63b66bf019c379d59a0e61f 2024-05-16
FileHash-MD5 0c6bb4ce1251c34365b8eb2a933dc431 MD5 of e40bb5beec5678537e8fe537f872b2ad6b77e08a 2024-05-16
FileHash-MD5 110e9bc680c9d5452c23722f42c385b3 MD5 of c51d288469df9f25e2fb7ac491918b3e579282ea 2024-05-16
FileHash-MD5 137eb9b6ef122857bde72f78962ed208 MD5 of 48bcec5a65401fbe9df8626a780f831ad55060a1 2024-05-16
FileHash-MD5 13a81d857610d05f387c1aa86b4b49b9 MD5 of bcf52240cc7940185ce424224d39564257610340 2024-05-16
FileHash-MD5 165be7620b78fe37cf25c797ee5b49e7 MD5 of 50c0bf9479efc93fa9cf1aa99bdca923273b71a1 2024-05-16
FileHash-MD5 1c84038a7aac6342894d5896a390913d MD5 of 1b233af41106d7915f6fa6fd1448b7f070b47eb3 2024-05-16
FileHash-MD5 1fb407a20373f3970f08d3f3c086841d MD5 of 777e2695ae408e1578a16991373144333732c3f6 2024-05-16
FileHash-MD5 213ca4db4c2abd3b631da00c299d75ef MD5 of 7f3a60613a3bdb5f1f8616e6ca469d3b78b1b45b 2024-05-16
FileHash-MD5 21802eb06e2b05b5db40381f296d67ad MD5 of 554f59c1578f4ee77dbba6a23507401359a59f23 2024-05-16
FileHash-MD5 21c95dc8989cfa8fc58ecdf7a622f31c MD5 of 9f81710b85aa7088505c1eecce9da94a39a2dc06 2024-05-16
FileHash-MD5 244505129d96be57134cb00f27d4359c MD5 of 2f7e335e092e04f3f4734b60c5345003d10aa15d 2024-05-16
FileHash-MD5 278e56c4b171d4d8799b9a77c31e4484 MD5 of 744b43d8c0fe8b217acf0494ad992df6d5191ed9 2024-05-16
FileHash-MD5 2b14f9f3c758a2cf842a61aca6a3455d MD5 of f9d52bb5a30b42fc2d1763be586cee8a57424732 2024-05-16
FileHash-MD5 2b35c299c96d17a1d4b09092b09bf692 MD5 of b6567f988c9acc5df3cbd72409fc70d54ea412bb 2024-05-16
FileHash-MD5 2e244d33dd8eb70bd83eb38e029d39ac MD5 of e0788a0179fd3ecf7bc9e65c1c9f107d8f2c3142 2024-05-16
FileHash-MD5 3b28045c0636f455a3fdf75bd44256ba MD5 of 851e538357598ed96f0123b47694e25c2d52552b 2024-05-16
FileHash-MD5 3c32e13162d884ab66e44902eddb8eee MD5 of 24925a2e8de38f2498906f8088cf2a8939e3cfd3 2024-05-16
FileHash-MD5 3e65a6d5658e6517c59d978dc159057a MD5 of 04fb0667b4a4eb1831be88958e6127cd7317638a 2024-05-16
FileHash-MD5 4085820a53a7f8dd58d4ba5ecf94e42b MD5 of 56b5627debb93790fdbcc9ecbffc3260adeafbab 2024-05-16
FileHash-MD5 43e896ede6fe025ee90f7f27c6d376a4 MD5 of a28164de29e51f154be12d163ce5818fceb69233 2024-05-16
FileHash-MD5 4a33ddf1abd835db89e4e4264a168244 MD5 of cecc70f2b2d50269191336219a8f893d45f5e979 2024-05-16
FileHash-MD5 4ae7e6011b550372d2a73ab3b4d67096 MD5 of 311f399c299741e80db8bec65bbf4b56109eedaf 2024-05-16
FileHash-MD5 4c1017de62ea4788c7c8058a8f825a2d MD5 of 1ad46547e3dc264f940bf62df455b26e65b0101f 2024-05-16
FileHash-MD5 4cf5e181047504456ff181f2db8ae59f MD5 of 5838a51426ca6095b1c92b87e1be22276c21a044 2024-05-16
FileHash-MD5 55319464e46e2c31d22b39b46d5477fb MD5 of a4d1a34fe5effd90ccb6897679586ddc07fbc5cd 2024-05-16
FileHash-MD5 554450c1ecb925693fedbb9e56702646 MD5 of 7ce746bb988cb3b7e64f08174bdb02938555ea53 2024-05-16
FileHash-MD5 5924eac8af1f3e3f1f825998bc59c062 MD5 of 0a9f10925af42df94925d07112f303d57392c908 2024-05-16
FileHash-MD5 5a2acbc101a8323f876bdd26948ee8a7 MD5 of b151cd7c4f9e53a8dcbdeb7ce61ccdd146eb68ab 2024-05-16
FileHash-MD5 7009af646c6c3e6abc0af744152ca968 MD5 of 8a7e2399a61ec025c15d06ecdd9b7b37d6245ec2 2024-05-16
FileHash-MD5 7ddee9311d7ab2d548e9b252383863ef MD5 of 4636dccac5acf1d95a474747bb7bcd9b1a506cc3 2024-05-16
FileHash-MD5 7ffbbbe675299267394b2ddfcb4c0c50 MD5 of 522e5f02c06ad215c9d0c23c5a6a523d34ae4e91 2024-05-16
FileHash-MD5 8e2ce1bc84ad3edd3c38037c982b509a MD5 of a4aff23b9a58b598524a71f09aa67994083a9c83 2024-05-16
FileHash-MD5 901e61ca391d9250c2bc57833ba18a8d MD5 of 9ff4f59ca26388c37d0b1f0e0b22322d926e294a 2024-05-16
FileHash-MD5 905b4e9a2159dab45724333a0d99238f MD5 of 3dc74671768eb90463c0901570c0aae24569b573 2024-05-16
FileHash-MD5 91a5594343b47462ebd6266a9c40abbe MD5 of 1dbfcb9005abb2c83ffa6a3127257a009612798c 2024-05-16
FileHash-MD5 af8889f4705145d4390ee8d581f45436 MD5 of cf943895684c6ff8d1e922a76b71a188cfb371d7 2024-05-16
FileHash-MD5 b099b82acb860d9a9a571515024b35f0 MD5 of 35f205367e2e5f8a121925bbae6ff07626b526a7 2024-05-16
FileHash-MD5 b4096859121998c065896d3d19e46e50 MD5 of fbc43636e3c9378162f3b9712cb6d87bd48ddbd3 2024-05-16
FileHash-MD5 cb1b68d9971c2353c2d6a8119c49b51f MD5 of cbde204e7641830017bb84b89223131b2126bc46 2024-05-16
FileHash-MD5 cc3adfe6079c1420a411b72f702e7dc7 MD5 of ba3519e62618b86d10830ef256cce010014e401a 2024-05-16
FileHash-MD5 ccc172686bc7afc51349713178e2e45e MD5 of a5eec8c6aadf784994bf68d9d937bb7af3684d5c 2024-05-16
FileHash-MD5 cfb3099dd47bb7b1aad1750ab99e6cd0 MD5 of 32430b11e42edeb63a11e721927ffbabe7c9cfea 2024-05-16
FileHash-MD5 d049b6b59e3e2af6375faf01d8f62136 MD5 of de2132d7d07b0b21f3c283c68031e0dd6d2b5cbd 2024-05-16
FileHash-MD5 d115532ed6189b3f74569f8012efe110 MD5 of 2227fd6fc9d669a9b66c59593533750477669557 2024-05-16
FileHash-MD5 d7b8ad86082511485f1d95c73ae0f78a MD5 of 678d486e21b001deb58353ca0255e3e5678f9614 2024-05-16
FileHash-MD5 df230db9bddf200b24d8744ad84d80e8 MD5 of 20393222d4eb1ba72a6536f7e67e139aadfa47fe 2024-05-16
FileHash-MD5 dfca3fc4b7f4c637d7319219fcec1876 MD5 of 4b5610ac5070a7d53041cc266630028d62935e3f 2024-05-16
FileHash-MD5 dfce6f7d3a992dc2ee7fedb8dea58237 MD5 of bee79383bcc73cf1e8e938131179223adb39ac1d 2024-05-16
FileHash-MD5 e664b6f5f50d1a7991e254e5e81a683f MD5 of a08b8371ead1919500a4759c2f46553620d5a9d9 2024-05-16
FileHash-MD5 e67ab185c7663939e78db5e77facb749 MD5 of 973620a7ab28a2cba82dc2a613cd24ed43734381 2024-05-16
FileHash-MD5 e6d1dcc6c2601e592f2b03f35b06fa8f MD5 of 7c43f5df784bf50423620d8f1c96e43d8d9a9b28 2024-05-16
FileHash-MD5 ea23d67e41d1f0a7f7e7a8b59e7cb60f MD5 of 87d718f2d6e46c53490c6a22de399c13f05336f0 2024-05-16
FileHash-MD5 f7bb82b0e665b494bcebefc7351f46c5 MD5 of 0139818441431c72a1935e7f740a1cc458a63452 2024-05-16
FileHash-MD5 fd7e0ecc41735d3ba0329e1e311689f8 MD5 of c380038a57ffb8c064851b898f630312fabcbba7 2024-05-16
FileHash-MD5 ff8c3f362d7c9b9a19cfa09b4b3cfc75 MD5 of f992abe8a67120667a01b88cd5bf11ca39d491a0 2024-05-16
References (2)
↗ https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/ ↗ https://github.com/eset/malware-ioc/tree/master/turla#to-the-moon-and-backdoors-lunar-landing-in-diplomatic-missionsindicators-of-compromise