IoC Extractor
This IoC extractor identifies Indicators of Compromise (IoCs) by matching patterns, without analyzing the context of the surrounding text. Manual review and validation of the extracted IoCs are essential before any action is taken.
Active Lumma Stealer Campaign Impacting U.S. SLTTs
DATE : 2025-03-25T20:46:30
SOURCE : cisecurity.org
FILE_HASH_MD5:7a0525921ff54f1193db83d7303c6ee8
FILE_HASH_SHA256:C0F74200267A768EB6F8A392A708C9CEDE9062E0E9D4391040AE94B495450D0D
Url:https://darktrace.com/blog/the-rise-of-the-lumma-info-stealer
https://blog.qualys.com/vulnerabilities-threat-research/2024/10/20/unmasking-lumma-stealer-analyzing-deceptive-tactics-with-fake-captcha
https://seanthegeek.net/posts/compromized-store-spread-lumma-stealer-using-fake-captcha/
https://www.cybereason.com/blog/threat-analysis-rise-of-lummastealer
https://www.ontinue.com/resource/obfuscated-powershell-leads-to-lumma-c2-stealer