Your Data Is Under New Lummanagement: The Rise of LummaStealer
Tags
cmtmf-attack-pattern: Acquire Infrastructure; Boot Or Logon Autostart Execution; Command And Scripting Interpreter; Masquerading; Obfuscated Files Or Information; Obtain Capabilities; Stage Capabilities
country: China; France
maec-delivery-vectors: Watering Hole
attack-pattern: Acquire Infrastructure Data Direct Model; Acquire Infrastructure - T1583; Autohotkey & Autoit - T1059.010; Boot Or Logon Autostart Execution - T1547; Cdns - T1596.004; Command And Scripting Interpreter - T1623; Command Obfuscation - T1027.010; Credentials - T1589.001; Dll Side-Loading - T1574.002; Domains - T1583.001; Domains - T1584.001; Drive-By Compromise - T1456; Encrypted/Encoded File - T1027.013; Exfiltration Over C2 Channel - T1646; Hardware - T1592.001; Hijack Execution Flow - T1625; Hijack Execution Flow - T1574; Impersonation - T1656; Javascript - T1059.007; Link Target - T1608.005; Malicious File - T1204.002; Malicious Link - T1204.001; Malware - T1587.001; Malware - T1588.001; Masquerading - T1655; Obfuscated Files Or Information - T1406; Mshta - T1218.005; Obtain Capabilities - T1588; Phishing - T1660; Phishing - T1566; Powershell - T1059.001; Python - T1059.006; Registry Run Keys / Startup Folder - T1547.001; Rundll32 - T1218.011; Social Media - T1593.001; Software - T1592.002; Spearphishing Link - T1566.002; Spearphishing Link - T1598.003; Spearphishing Via Service - T1566.003; Stage Capabilities - T1608; Visual Basic - T1059.005; Tool - T1588.002; Upload Malware - T1608.001; Automated Collection - T1119; Browser Extensions - T1176; Command-Line Interface - T1059; Data Encoding - T1132; Dll Side-Loading - T1073; Drive-By Compromise - T1189; Exfiltration Over Command And Control Channel - T1041; Masquerading - T1036; Mshta - T1170; Obfuscated Files Or Information - T1027; Powershell - T1086; Registry Run Keys / Start Folder - T1060; Rundll32 - T1085; Spearphishing Link - T1192; Spearphishing Via Service - T1194; User Execution - T1204; Automated Collection; Drive-By Compromise; Masquerading; User Execution
Common Information
UUID: e042e204-588e-4238-b927-c556292f47d8
Fingerprint: 84051809e1b7a741
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: Jan. 1, 2024, midnight
Added to db: Dec. 17, 2024, 7:36 p.m.
Last updated: Dec. 18, 2024, 3:14 p.m.
Headline: Your Data Is Under New Lummanagement: The Rise of LummaStealer
Title: Your Data Is Under New Lummanagement: The Rise of LummaStealer
Detected Hints/Tags/Attributes: 168/4/103
Attributes