LunarWeb (6b231f41-51b7-5c78-afd5-6cb73a698045)
LunarWeb is a backdoor that has been used by Turla since at least 2020, including in a compromise of a European ministry of foreign affairs (MFA), together with LunarLoader and LunarMail. LunarWeb has only been observed deployed against servers and can use Steganography to obfuscate command and control. [ESET Turla Lunar toolset May 2024]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Turla (47ae4fb1-fc61-4e8e-9310-66dda706e1a2) | Tidal Groups | LunarWeb (6b231f41-51b7-5c78-afd5-6cb73a698045) | Tidal Software | 1 |