LunarMail (8fa2c759-a03f-5044-a125-0b66fba054de)
LunarMail is a backdoor that has been used by Turla since at least 2020 including in a compromise of a European ministry of foreign affairs (MFA) in conjunction with LunarLoader and LunarWeb. LunarMail is designed to be deployed on workstations and can use email messages and Steganography in command and control.[ESET Turla Lunar toolset May 2024]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| LunarMail (8fa2c759-a03f-5044-a125-0b66fba054de) | Tidal Software | Turla (47ae4fb1-fc61-4e8e-9310-66dda706e1a2) | Tidal Groups | 1 |