PULSE NAME
LummaC2 Stealware
WHITE feisty-swim1410 2023-11-16 Modified: 2023-12-16
82 IOCs, HIGH VOLUME
The LummaC2 stealer malware strain has been identified as being used by threat actors operating under different aliases, according to a report published by the UK-based security firm Verdant.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
RedLine, SectopRAT, LummaC2
Indicators of Compromise (82)