Pulse Detail — Threat Intelligence

PULSE NAME

Lumma Stealer's GitHub-Based Delivery Explored via Managed Detection and Response

WHITE Stargazer Goblin Tr1sa111 2025-02-04 Modified: 2025-03-02

IOCs

MEDIUM VOLUME

↓ CSV ↓ JSON

information stealing lumma stealer

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1047 T1033 T1082 T1071 T1053 T1036 T1055 T1016 T1087 T1059 T1083 T1074 T1204 T1057 T1027 T1546 T1056 T1012 T1105

MALWARE FAMILIES

Lumma Stealer SectopRAT Vidar Cobeacon

Indicators of Compromise (36)

All URL FileHash-MD5 FileHash-SHA256 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://kassalias.com	—	2025-02-04
FileHash-MD5	afdc1a1e1e934f18be28465315704a12	—	2025-02-04
FileHash-MD5	b2e581c85432bd4df6a59a00cbda1cb3	—	2025-02-04
FileHash-SHA256	80e7a9318067557b21a24d1906ab3f05a5f250eb63dde4dd8a3335908953a46a	—	2025-02-04
URL	http://192.142.10.246/login.php?event=init&id=cucumber=&data=16	—	2025-02-04
URL	http://84.200.24.26/login.php?event=init&id=underskirt==&data=16	—	2025-02-04
URL	http://91.202.233.18:9000/wbinjget?q=B2E581C85432BD4DF6A59A00CBDA1CB3	—	2025-02-04
URL	http://sacpools.com	—	2025-02-04
URL	https://afterpm.com	—	2025-02-04
URL	https://ageless-skincare.com/gn/	—	2025-02-04
URL	https://comicshopjocks.com	—	2025-02-04
URL	https://compass-point-yachts.com	—	2025-02-04
URL	https://eaholloway.com	—	2025-02-04
URL	https://enricoborino.com	—	2025-02-04
URL	https://klipcatepiu0.shop/int_clp_sha.txt	—	2025-02-04
URL	https://lakeplacidluxuryhomes.com	—	2025-02-04
URL	https://pmpdm.com	—	2025-02-04
URL	https://primetimeessentials.com	—	2025-02-04
URL	https://razorskigrips.com	—	2025-02-04
URL	https://startherehosting.net	—	2025-02-04
domain	afterpm.com	—	2025-02-04
domain	ageless-skincare.com	—	2025-02-04
domain	comicshopjocks.com	—	2025-02-04
domain	compass-point-yachts.com	—	2025-02-04
domain	eaholloway.com	—	2025-02-04
domain	enricoborino.com	—	2025-02-04
domain	ikores.sbs	—	2025-02-04
domain	kassalias.com	—	2025-02-04
domain	klipcatepiu0.shop	—	2025-02-04
domain	lakeplacidluxuryhomes.com	—	2025-02-04
domain	lumdukekiy.shop	—	2025-02-04
domain	pmpdm.com	—	2025-02-04
domain	primetimeessentials.com	—	2025-02-04
domain	razorskigrips.com	—	2025-02-04
domain	sacpools.com	—	2025-02-04
domain	startherehosting.net	—	2025-02-04

References (1)

↗ https://www.trendmicro.com/en_us/research/25/a/lumma-stealers-github-based-delivery-via-mdr.html