IOC: e0f84a65a11819e1c5b5fcacc9cffc11adbefa91

216.73.216.36

Indicator (IOC)

yara Revoked AlienVault · Published 21/12/2025 01:08 · Modified 21/12/2025 01:08

Essential information

Value / Name: e0f84a65a11819e1c5b5fcacc9cffc11adbefa91
Confidence: 100/100
Revoked: Yes
Valid from: 11/09/2023 16:58
Valid until: 14/12/2024 15:58
Pattern type: yara
Published: 21/12/2025 01:08
Modified: 21/12/2025 01:08
Author / Source: AlienVault

Description

LummaC2 Detection

Pattern

rule LummaC2 {   
      
       meta:   
           author = "RussianPanda"   
           description = "LummaC2 Detection"   
      
       strings:   
           $p1="lid=%s&j=%s&ver"   
           $p2= {89 ca 83 e2 03 8a 54 14 08 32 54 0d 04}   
      
       condition:   
           all of them and filesize <= 500KB   
   }

Labels / Tags

Labels: amadey dcrat lumma lummac2 powershell privateloader python raccoonstealer redline stealer

Marking (TLP)

TLP:CLEAR

Related entities

No linked attack reports or intrusion sets yet.