Lumma
· Published 21/12/2025 13:01 · Modified 21/12/2025 13:01
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 13:01
- Modified: 21/12/2025 13:01
- Updated at: 21/12/2025 13:01
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 2 reports, 11 attack patterns (mitre), 6 malware, 2 sectors, 2 countries, 35 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
- 5 Malwares, 1 APT · Published 20/08/2025 18:39 · Modified 20/08/2025 21:21
- 6 MITREs, 1 Malware, 15 Observables, 1 APT · Published 21/04/2025 17:31 · Modified 21/04/2025 22:51
Attack patterns (MITRE) (11)
- T1055 · uses · Process Injection
- T1571 · uses · Non-Standard Port
- T1555 · uses · Credentials from Password Stores
- T1573 · uses · Encrypted Channel
- T1518 · uses · Software Discovery
- T1027 · uses · Obfuscated Files or Information
- T1140 · uses · Deobfuscate/Decode Files or Information
- T1497 · uses · Virtualization/Sandbox Evasion
- T1059.007 · uses · JavaScript
- T1588.001 · uses · Malware
- T1059.001 · uses · PowerShell
Malware (6)
- Lumma · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 20/12/2025 23:50 · Modified 21/12/2025 16:13
- Lumma Stealer · uses · Family · Published 08/06/2026 19:36 · Modified 08/06/2026 19:36
- Meduza Stealer · uses · Family · Published 20/08/2025 18:39 · Modified 20/08/2025 18:39
- Vidar · uses · Family · Published 16/06/2026 09:50 · Modified 16/06/2026 09:50
- CraxsRAT · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 21/12/2025 08:06 · Modified 21/12/2025 16:15
- StealC · uses · Family · Published 27/03/2026 08:46 · Modified 27/03/2026 08:46
Sectors (2)
- Government targets
- Finance targets
Countries (2)
- Mongolia targets
- Russian Federation targets
Indicators (35)