{ "type": "URL", "indicator": "https://t.me/bambardiro222", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://t.me/bambardiro222", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #326", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #7511", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain t.me", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain t.me", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4071006191, "indicator": "https://t.me/bambardiro222", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "688a0b8991950b9ff68abbe7", "name": "teams", "description": "", "modified": "2026-02-08T22:18:56.709000", "created": "2025-07-30T12:09:45.239000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 18, "FileHash-SHA1": 9, "FileHash-SHA256": 38, "URL": 49, "domain": 266, "hostname": 6 }, "indicator_count": 386, "is_author": false, "is_subscribing": null, "subscriber_count": 182, "modified_text": "111 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68340f42d5f7a341e8ad88e7", "name": "Lumma Stealer Shutdown: Global Takedown Disrupts Prolific Cybercrime Tool", "description": "A coordinated international operation led by Microsoft\u2019s Digital Crimes Unit (DCU), the U.S. Department of Justice (DOJ), Europol, and partners has dismantled the infrastructure of Lumma Stealer, a notorious Malware-as-a-Service (MaaS) platform linked to over 10 million infections and 1.7 million confirmed attacks globally. The action, announced in May 2025, resulted in the seizure of 2,300 malicious domains, sinkholing of traffic to Microsoft-controlled servers, and the suspension of Lumma\u2019s Telegram-based affiliate marketplace, crippling its ability to steal sensitive data like passwords, cryptocurrency wallets, and MFA tokens 311.\n\nLumma, developed by Russian threat actor \"Shamel,\" operated under a subscription model ($250\u2013$20,000) and was distributed via phishing campaigns, malvertising, and trojanized software. Its evasion tactics\u2014such as abuse of legitimate cloud services, encrypted C2 communications, and geofenced payloads\u2014made it a preferred tool for ransomware affiliates and credential harvesters.", "modified": "2025-05-26T06:50:42.505000", "created": "2025-05-26T06:50:42.505000", "tags": [ "lummac2", "bitsight", "windows", "steam profile", "lummac2 iocs", "lumma stealer", "malware", "redline", "meta", "bitsight trace", "telegram", "steam", "service", "lumma" ], "references": [ "https://www.bitsight.com/blog/lumma-stealer-is-out-of-business", "https://raw.githubusercontent.com/bitsight-research/threat_research/refs/heads/main/lumma/lumma_iocs.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Bitsight", "display_name": "Bitsight", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1135, "hostname": 3, "URL": 97 }, "indicator_count": 1235, "is_author": false, "is_subscribing": null, "subscriber_count": 539, "modified_text": "370 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.bitsight.com/blog/lumma-stealer-is-out-of-business", "https://raw.githubusercontent.com/bitsight-research/threat_research/refs/heads/main/lumma/lumma_iocs.csv" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Lumma", "Bitsight" ], "industries": [], "unique_indicators": 1626 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/t.me", "whois": "http://whois.domaintools.com/t.me", "domain": "t.me", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "688a0b8991950b9ff68abbe7", "name": "teams", "description": "", "modified": "2026-02-08T22:18:56.709000", "created": "2025-07-30T12:09:45.239000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 18, "FileHash-SHA1": 9, "FileHash-SHA256": 38, "URL": 49, "domain": 266, "hostname": 6 }, "indicator_count": 386, "is_author": false, "is_subscribing": null, "subscriber_count": 182, "modified_text": "111 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68340f42d5f7a341e8ad88e7", "name": "Lumma Stealer Shutdown: Global Takedown Disrupts Prolific Cybercrime Tool", "description": "A coordinated international operation led by Microsoft\u2019s Digital Crimes Unit (DCU), the U.S. Department of Justice (DOJ), Europol, and partners has dismantled the infrastructure of Lumma Stealer, a notorious Malware-as-a-Service (MaaS) platform linked to over 10 million infections and 1.7 million confirmed attacks globally. The action, announced in May 2025, resulted in the seizure of 2,300 malicious domains, sinkholing of traffic to Microsoft-controlled servers, and the suspension of Lumma\u2019s Telegram-based affiliate marketplace, crippling its ability to steal sensitive data like passwords, cryptocurrency wallets, and MFA tokens 311.\n\nLumma, developed by Russian threat actor \"Shamel,\" operated under a subscription model ($250\u2013$20,000) and was distributed via phishing campaigns, malvertising, and trojanized software. Its evasion tactics\u2014such as abuse of legitimate cloud services, encrypted C2 communications, and geofenced payloads\u2014made it a preferred tool for ransomware affiliates and credential harvesters.", "modified": "2025-05-26T06:50:42.505000", "created": "2025-05-26T06:50:42.505000", "tags": [ "lummac2", "bitsight", "windows", "steam profile", "lummac2 iocs", "lumma stealer", "malware", "redline", "meta", "bitsight trace", "telegram", "steam", "service", "lumma" ], "references": [ "https://www.bitsight.com/blog/lumma-stealer-is-out-of-business", "https://raw.githubusercontent.com/bitsight-research/threat_research/refs/heads/main/lumma/lumma_iocs.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Bitsight", "display_name": "Bitsight", "target": null }, { "id": "Lumma", "display_name": "Lumma", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1135, "hostname": 3, "URL": 97 }, "indicator_count": 1235, "is_author": false, "is_subscribing": null, "subscriber_count": 539, "modified_text": "370 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://t.me/bambardiro222", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://t.me/bambardiro222", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780254839.0388246 }