ioc[.]one - OSINT Cyber Threat Intelligence Database

GitHub Scanner — Lumma Stealer Threat Intel

Tags

cmtmf-attack-pattern:	Application Layer Protocol Automated Exfiltration Process Injection
country:	Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Application Layer Protocol - T1437 Data From Local System - T1533 Debugger Evasion - T1622 Domains - T1583.001 Domains - T1584.001 Gather Victim Host Information - T1592 Impair Defenses - T1562 Impair Defenses - T1629 Javascript - T1059.007 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 System Information Discovery - T1426 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Web Protocols - T1071.001 Web Protocols - T1437.001 Virtualization/Sandbox Evasion - T1497 Virtualization/Sandbox Evasion - T1633 Standard Application Layer Protocol - T1071 Automated Collection - T1119 Automated Exfiltration - T1020 Browser Extensions - T1176 Data From Local System - T1005 Deobfuscate/Decode Files Or Information - T1140 Powershell - T1086 Process Injection - T1055 System Information Discovery - T1082 User Execution - T1204 Automated Collection User Execution

Show in Graph

Common Information

Type	Value
UUID	3a46fffe-9abc-4635-8cf7-5ec4456c7672
Fingerprint	e4d8ccd5ef3f8e53
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 1, 2024, 11:39 a.m.
Added to db	Oct. 1, 2024, 2:36 p.m.
Last updated	Nov. 17, 2024, 7:44 p.m.
Headline	GitHub Scanner — Lumma Stealer Threat Intel
Title	GitHub Scanner — Lumma Stealer Threat Intel
Detected Hints/Tags/Attributes	76/4/61

Source URLs

	Redirection	Url
Details	Redirection	https://sdsec12.com/github-scanner-lumma-stealer-threat-intel-bb6526453f4e?source=rss------cybersecurity-5
Details	Redirection	https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Fsdsec12.com%2Fgithub-scanner-lumma-stealer-threat-intel-bb6526453f4e%3Fsource%3Drss------cybersecurity-5
Details	Source	https://sdsec12.com/github-scanner-lumma-stealer-threat-intel-bb6526453f4e?gi=01c03b03f35b&source=rss------cybersecurity-5
Details	Redirection	https://medium.com/@sdsec12/github-scanner-lumma-stealer-threat-intel-bb6526453f4e?source=rss------cybersecurity-5

URL Provider

Details	Provider	Source level domain
Details	medium.com	medium.com
Details	sdsec12.com	sdsec12.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	167	✔	Cybersecurity on Medium	https://medium.com/feed/tag/cybersecurity	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	15	github-scanner.com
Details	Domain	4	eemmbryequo.shop
Details	Domain	4	keennylrwmqlw.shop
Details	Domain	4	licenseodqwmqn.shop
Details	Domain	4	reggwardssdqw.shop
Details	Domain	4	relaxatinownio.shop
Details	Domain	4	tendencctywop.shop
Details	Domain	4	tesecuuweqo.shop
Details	Domain	4	tryyudjasudqo.shop
Details	Domain	1	alcojoldwograpciw.shop
Details	Domain	1	productivelookewr.shop
Details	Domain	1	tolerateilusidjukl.shop
Details	Domain	1	shatterbreathepsw.shop
Details	Domain	1	shortsvelventysjo.shop
Details	Domain	1	liabilitynighstjsko.shop
Details	Domain	1	demonstationfukewko.shop
Details	Domain	2	netovrema.pw
Details	Domain	3	opposesicknessopw.pw
Details	Domain	3	politefrightenpowoa.pw
Details	Domain	3	chincenterblandwka.pw
Details	Domain	1	loogsporus.pw
Details	Domain	1	meayyammgaterre.pw
Details	Domain	1	setup-win-x86-x64.exe.zip
Details	Domain	4127	github.com
Details	Email	3	notifications@github.com
Details	File	10	download.txt
Details	File	1	setup-win-x86-x64.exe
Details	File	10	l6e.exe
Details	File	8	syssetup.exe
Details	File	31	tmp.exe
Details	md5	1	4b5450d05fe036f720cc7384f400b0fb
Details	sha256	4	d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207
Details	sha256	4	d932ee10f02ea5bb60ed867d9687a906f1b8472f01fc5543b06f9ab22059b264
Details	sha256	1	48cbeb1b1ca0a7b3a9f6ac56273fbaf85e78c534e26fb2bca1152ecd7542af54
Details	sha256	1	483672a00ea676236ea423c91d576542dc572be864a4162df031faf35897a532
Details	sha256	1	01a23f8f59455eb97f55086c21be934e6e5db07e64acb6e63c8d358b763dab4f
Details	sha256	1	7603c6dd9edca615d6dc3599970c203555b57e2cab208d87545188b57aa2c6b1
Details	sha256	2	674d96c42621a719007e64e40ad451550da30d42fd508f6104d7cb65f19cba51
Details	IPv4	1	172.67.157.23
Details	IPv4	1	104.21.48.243
Details	IPv4	6	144.76.173.247
Details	IPv4	3	45.9.74.78
Details	IPv4	5	77.73.134.68
Details	IPv4	2	82.117.255.127
Details	IPv4	2	82.117.255.80
Details	IPv4	3	82.118.23.50
Details	IPv4	5	195.123.226.91
Details	MITRE ATT&CK Techniques	50	T1592
Details	MITRE ATT&CK Techniques	17	T1660
Details	MITRE ATT&CK Techniques	365	T1204.002
Details	MITRE ATT&CK Techniques	440	T1055
Details	MITRE ATT&CK Techniques	52	T1622
Details	MITRE ATT&CK Techniques	504	T1140
Details	MITRE ATT&CK Techniques	235	T1562
Details	MITRE ATT&CK Techniques	238	T1497
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	111	T1119
Details	MITRE ATT&CK Techniques	534	T1005
Details	MITRE ATT&CK Techniques	442	T1071.001
Details	MITRE ATT&CK Techniques	102	T1020
Details	Url	1	https://github-scanner.com/download.txt