PULSE NAME
Malvertising campaign leads to info stealers hosted on GitHub
WHITE Storm-0408 AlienVault 2025-03-06 Modified: 2025-04-05
310 IOCs (HIGH VOLUME)
A large-scale malvertising campaign impacting nearly one million devices globally was detected in December 2024. The attack originated from illegal streaming websites with embedded malvertising redirectors, leading users through multiple redirections to malware hosted on GitHub and other platforms. The multi-stage attack chain involved deploying information stealers like Lumma and Doenerium, as well as remote access tools. The threat actors used living-off-the-land techniques and various scripts to collect system information, exfiltrate data, and establish persistence. The campaign affected both consumer and enterprise devices across multiple industries, highlighting its indiscriminate nature.
Indicators of Compromise (47 / 310 total)