LunarLoader (e8e81e32-27b4-5830-94cb-a07ca1124296)

LunarLoader is the loader component for the LunarWeb and LunarMail backdoors that has been used by Turla since at least 2020, including against a European ministry of foreign affairs (MFA). LunarLoader has been observed both as a standalone loader and as part of trojanized open-source software such as AdmPwd. [ESET Turla Lunar toolset May 2024]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Turla (47ae4fb1-fc61-4e8e-9310-66dda706e1a2) | Tidal Groups | LunarLoader (e8e81e32-27b4-5830-94cb-a07ca1124296) | Tidal Software | 1 |