To the Moon and back(doors): Lunar landing in diplomatic missions
WHITE Turla bluenumberone 2024-05-16 Modified: 2024-06-15
347 IOCs (HIGH VOLUME)
ESET Research has identified two backdoors used by the infamous Russian-aligned cyberespionage group, Turla, to compromise European diplomatic institutions in the Middle East and other parts of the world.
Indicators of Compromise (25 / 347 total)