PULSE NAME
Malvertising campaign leads to info stealers hosted on GitHub
WHITE Storm-0408 AlienVault 2025-03-06 Modified: 2025-04-05
310 IOCs (HIGH VOLUME)
A large-scale malvertising campaign impacting nearly one million devices globally was detected in December 2024. The attack originated from illegal streaming websites with embedded malvertising redirectors, leading users through multiple redirections to malware hosted on GitHub and other platforms. The multi-stage attack chain involved deploying information stealers like Lumma and Doenerium, as well as remote access tools. The threat actors used living-off-the-land techniques and various scripts to collect system information, exfiltrate data, and establish persistence. The campaign affected both consumer and enterprise devices across multiple industries, highlighting its indiscriminate nature.
Indicators of Compromise (41 / 310 total)