← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Behind the Curtain: How Lumma Affiliates Operate
WHITE Lumma Tr1sa111 2025-08-21 Modified: 2025-09-19
22
IOCs
MEDIUM VOLUME
cybercrimevpnunderground forumscryptinginfostealeraffiliatelummaanti-detect browsercraxsratstealcmeduza stealervidarproxy
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Lumma Meduza Stealer Vidar CraxsRAT Stealc
Indicators of Compromise (22)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 2bb133c52b30e2b6b3608fdc5e7d7a22 2025-08-21
FileHash-SHA1 fcb19512b31d9ece1bbe637fe18f8caf257f0a00 2025-08-21
FileHash-SHA256 b8e02f2bc0ffb42e8cf28e37a26d8d825f639079bf6d948f8debab6440ee5630 2025-08-21
URL http://94.232.249.208/6a6fe9d70500fe64/main.php 2025-08-21
domain avcheck.net 2025-08-21
domain avscan.net 2025-08-21
domain b1ackstash.cc 2025-08-21
domain bclub.cm 2025-08-21
domain c0nnect.pro 2025-08-21
domain earthsymphzony.today 2025-08-21
domain faceless.cc 2025-08-21
domain ghostsocks.net 2025-08-21
domain hector.su 2025-08-21
domain hotsocks.biz 2025-08-21
domain hotsocks.ws 2025-08-21
domain kleenscan.com 2025-08-21
domain spamir.fr 2025-08-21
domain stashpatrick.io 2025-08-21
domain techmindzs.live 2025-08-21
domain vn5socks.net 2025-08-21
domain xleet.pw 2025-08-21
hostname binsoficial666.activo.mx 2025-08-21
References (2)
↗ https://www.recordedfuture.com/research/media_146663d7945a8f6dd5a6e50a5cdde5655e178e9a3.gif?width=1200&format=pjpg&optimize=medium ↗ https://www.recordedfuture.com/research/behind-the-curtain-how-lumma-affiliates-operate