{
  "name": "Global operation disrupts Lumma Stealer",
  "slug": "global-operation-disrupts-lumma-stealer",
  "description": "ESET collaborated with Microsoft and other partners in a global operation to disrupt Lumma Stealer, a prominent malware-as-a-service infostealer. ESET's contribution involved analyzing tens of thousands of malware samples to extract key data such as command-and-control (C&C) servers and affiliate identifiers. The operation targeted Lumma Stealer's infrastructure, aiming to render its exfiltration network nonoperational. Lumma Stealer had been actively developed and maintained by its operators, with regular updates to its code and network infrastructure. The malware employed various anti-analysis techniques and targeted a wide range of data, including credentials from browsers, cryptocurrency wallets, and other applications.",
  "published": "2025-05-26T07:12:58+00:00",
  "created_at": "2025-05-26T07:12:58+00:00",
  "modified_at": "2025-05-26T07:49:10+00:00",
  "created_at_opencti": "2025-05-26T07:12:58+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-05-26",
    "c&c infrastructure",
    "credential-theft",
    "disruption",
    "infostealer",
    "lumma stealer",
    "malware-as-a-service"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "1212tank.activitydmy.icu"
      },
      {
        "id": "",
        "name": "wordingnatturedowo.xyz"
      },
      {
        "id": "",
        "name": "usseorganizedw.shop"
      },
      {
        "id": "",
        "name": "tolstoi.com"
      },
      {
        "id": "",
        "name": "sweetcalcutangkdow.xyz"
      },
      {
        "id": "",
        "name": "starofliught.top"
      },
      {
        "id": "",
        "name": "sectorecoo.live"
      },
      {
        "id": "",
        "name": "qualificationjdwko.xyz"
      },
      {
        "id": "",
        "name": "lunoxorn.top"
      },
      {
        "id": "",
        "name": "grandcommonyktsju.xyz"
      },
      {
        "id": "",
        "name": "exuberanttjdkwo.xyz"
      },
      {
        "id": "",
        "name": "experimentalideas.today"
      },
      {
        "id": "",
        "name": "encirelk.cyou"
      },
      {
        "id": "",
        "name": "deadtrainingactioniw.xyz"
      },
      {
        "id": "",
        "name": "crisisrottenyjs.xyz"
      },
      {
        "id": "",
        "name": "cooperatvassquaidmew.xyz"
      },
      {
        "id": "",
        "name": "bigmouthudiop.shop"
      },
      {
        "id": "",
        "name": "beerishint.sbs"
      },
      {
        "id": "",
        "name": "appgridn.live"
      },
      {
        "id": "",
        "name": "zestmodp.top"
      },
      {
        "id": "",
        "name": "wordyfindy.lat"
      },
      {
        "id": "",
        "name": "wickedneatr.sbs"
      },
      {
        "id": "",
        "name": "tripfflux.world"
      },
      {
        "id": "",
        "name": "travewlio.shop"
      },
      {
        "id": "",
        "name": "tranuqlekper.bond"
      },
      {
        "id": "",
        "name": "toppyneedus.biz"
      },
      {
        "id": "",
        "name": "tentabatte.lat"
      },
      {
        "id": "",
        "name": "techspherxe.top"
      },
      {
        "id": "",
        "name": "techmindzs.live"
      },
      {
        "id": "",
        "name": "targett.top"
      },
      {
        "id": "",
        "name": "talkynicer.lat"
      },
      {
        "id": "",
        "name": "suggestyuoz.biz"
      },
      {
        "id": "",
        "name": "socialsscesforum.icu"
      },
      {
        "id": "",
        "name": "slipperyloo.lat"
      },
      {
        "id": "",
        "name": "skynetxc.live"
      },
      {
        "id": "",
        "name": "shapestickyr.lat"
      },
      {
        "id": "",
        "name": "salaccgfa.top"
      },
      {
        "id": "",
        "name": "rockemineu.bond"
      },
      {
        "id": "",
        "name": "quotamkdsdqo.shop"
      },
      {
        "id": "",
        "name": "quilltayle.live"
      },
      {
        "id": "",
        "name": "quietswtreams.life"
      },
      {
        "id": "",
        "name": "quarrelepek.bond"
      },
      {
        "id": "",
        "name": "puredoffustow.shop"
      },
      {
        "id": "",
        "name": "pixtreev.run"
      },
      {
        "id": "",
        "name": "piratetwrath.run"
      },
      {
        "id": "",
        "name": "opponnentduei.shop"
      },
      {
        "id": "",
        "name": "nighetwhisper.top"
      },
      {
        "id": "",
        "name": "milldymarskwom.shop"
      },
      {
        "id": "",
        "name": "metallygaricwo.shop"
      },
      {
        "id": "",
        "name": "manyrestro.lat"
      },
      {
        "id": "",
        "name": "liftally.top"
      },
      {
        "id": "",
        "name": "latitudert.live"
      },
      {
        "id": "",
        "name": "laddyirekyi.sbs"
      },
      {
        "id": "",
        "name": "isoplethui.sbs"
      },
      {
        "id": "",
        "name": "invinjurhey.sbs"
      },
      {
        "id": "",
        "name": "hemispherexz.top"
      },
      {
        "id": "",
        "name": "hardswarehub.today"
      },
      {
        "id": "",
        "name": "hardrwarehaven.run"
      },
      {
        "id": "",
        "name": "granystearr.bond"
      },
      {
        "id": "",
        "name": "gadgethgfub.icu"
      },
      {
        "id": "",
        "name": "froytnewqowv.shop"
      },
      {
        "id": "",
        "name": "frizzettei.sbs"
      },
      {
        "id": "",
        "name": "exilepolsiy.sbs"
      },
      {
        "id": "",
        "name": "exemplarou.sbs"
      },
      {
        "id": "",
        "name": "equatorf.run"
      },
      {
        "id": "",
        "name": "earthsymphzony.today"
      },
      {
        "id": "",
        "name": "curverpluch.lat"
      },
      {
        "id": "",
        "name": "codxefusion.top"
      },
      {
        "id": "",
        "name": "climatologfy.top"
      },
      {
        "id": "",
        "name": "clarmodq.top"
      },
      {
        "id": "",
        "name": "chickerkuso.shop"
      },
      {
        "id": "",
        "name": "changeaie.top"
      },
      {
        "id": "",
        "name": "carrtychaintnyw.shop"
      },
      {
        "id": "",
        "name": "broadecatez.bond"
      },
      {
        "id": "",
        "name": "bemuzzeki.sbs"
      },
      {
        "id": "",
        "name": "bellflamre.click"
      },
      {
        "id": "",
        "name": "beevasyeip.bond"
      },
      {
        "id": "",
        "name": "bashfulacid.lat"
      },
      {
        "id": "",
        "name": "advennture.top"
      },
      {
        "id": "",
        "name": "achievenmtynwjq.shop"
      },
      {
        "id": "",
        "name": "tamedgeesy.sbs"
      },
      {
        "id": "",
        "name": "thinkyyokej.sbs"
      },
      {
        "id": "",
        "name": "rottieud.sbs"
      },
      {
        "id": "",
        "name": "repostebhu.sbs"
      },
      {
        "id": "",
        "name": "relalingj.sbs"
      },
      {
        "id": "",
        "name": "explainvees.sbs"
      },
      {
        "id": "",
        "name": "ducksringjk.sbs"
      },
      {
        "id": "",
        "name": "brownieyuz.sbs"
      },
      {
        "id": "",
        "name": "writerospzm.shop"
      },
      {
        "id": "",
        "name": "deallerospfosu.shop"
      },
      {
        "id": "",
        "name": "celebratioopz.shop"
      },
      {
        "id": "",
        "name": "traineiwnqo.shop"
      },
      {
        "id": "",
        "name": "stamppreewntnq.shop"
      },
      {
        "id": "",
        "name": "stagedchheiqwo.shop"
      },
      {
        "id": "",
        "name": "millyscroqwp.shop"
      },
      {
        "id": "",
        "name": "locatedblsoqp.shop"
      },
      {
        "id": "",
        "name": "caffegclasiqwp.shop"
      },
      {
        "id": "",
        "name": "evoliutwoqm.shop"
      },
      {
        "id": "",
        "name": "condedqpwqm.shop"
      },
      {
        "id": "",
        "name": "quialitsuzoxm.shop"
      },
      {
        "id": "",
        "name": "languagedscie.shop"
      },
      {
        "id": "",
        "name": "complaintsipzzx.shop"
      },
      {
        "id": "",
        "name": "bassizcellskz.shop"
      },
      {
        "id": "",
        "name": "unseaffarignsk.shop"
      },
      {
        "id": "",
        "name": "upknittsoappz.shop"
      },
      {
        "id": "",
        "name": "shepherdlyopzc.shop"
      },
      {
        "id": "",
        "name": "outpointsozp.shop"
      },
      {
        "id": "",
        "name": "liernessfornicsa.shop"
      },
      {
        "id": "",
        "name": "indexterityszcoxp.shop"
      },
      {
        "id": "",
        "name": "lariatedzugspd.shop"
      },
      {
        "id": "",
        "name": "callosallsaospz.shop"
      },
      {
        "id": "",
        "name": "d5b6cd18d84f4c8334b84745bc0603d7d7407aa7243ef945f8a3696c9d097f65"
      },
      {
        "id": "",
        "name": "dfa2ab0714c9f234b63fd1295ce468bd247465701a90b8a9ab9eb3d6d032d258"
      }
    ],
    "malware": [
      {
        "id": "0051da15-675b-4665-a6d1-872f64cf47ea",
        "name": "Lumma Stealer",
        "slug": "lumma-stealer"
      }
    ],
    "intrusion_sets": [
      {
        "id": "b9a7069d-7d9a-4ff6-8e06-7dc7e0bc6d80",
        "name": "Lumma Stealer",
        "slug": "lumma-stealer"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "sparkiob.digital"
      },
      {
        "id": "",
        "name": "longitudde.digital"
      },
      {
        "id": "",
        "name": "byteplusx.digital"
      }
    ]
  },
  "external_refs": [
    "https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-lumma-stealer/",
    "https://otx.alienvault.com/pulse/6834309a12aef87c250009b1"
  ]
}