← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Behind the Curtain: How Lumma Affiliates Operate
WHITE Lumma celestre 2025-08-25 Modified: 2025-09-19
22
IOCs
MEDIUM VOLUME
cybercrimevpnunderground forumscryptinginfostealeraffiliatelummaanti-detect browsercraxsratstealcmeduza stealervidarproxy
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Lumma Meduza Stealer Vidar CraxsRAT Stealc
Indicators of Compromise (22)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 2bb133c52b30e2b6b3608fdc5e7d7a22 2025-08-25
FileHash-SHA1 fcb19512b31d9ece1bbe637fe18f8caf257f0a00 2025-08-25
FileHash-SHA256 b8e02f2bc0ffb42e8cf28e37a26d8d825f639079bf6d948f8debab6440ee5630 2025-08-25
URL http://94.232.249.208/6a6fe9d70500fe64/main.php 2025-08-25
domain avcheck.net 2025-08-25
domain avscan.net 2025-08-25
domain b1ackstash.cc 2025-08-25
domain bclub.cm 2025-08-25
domain c0nnect.pro 2025-08-25
domain earthsymphzony.today 2025-08-25
domain faceless.cc 2025-08-25
domain ghostsocks.net 2025-08-25
domain hector.su 2025-08-25
domain hotsocks.biz 2025-08-25
domain hotsocks.ws 2025-08-25
domain kleenscan.com 2025-08-25
domain spamir.fr 2025-08-25
domain stashpatrick.io 2025-08-25
domain techmindzs.live 2025-08-25
domain vn5socks.net 2025-08-25
domain xleet.pw 2025-08-25
hostname binsoficial666.activo.mx 2025-08-25
References (2)
↗ https://www.recordedfuture.com/research/media_146663d7945a8f6dd5a6e50a5cdde5655e178e9a3.gif?width=1200&format=pjpg&optimize=medium ↗ https://www.recordedfuture.com/research/behind-the-curtain-how-lumma-affiliates-operate