Lumma Stealer is Out... of business!
Published 21/05/2025 23:03 · Modified 22/05/2025 09:43
Essential information
- Tags: 2025-05-21, data theft, information stealer, infrastructure takedown, lummac, lummac2, malware-as-a-service, multi-tiered c2, redline
- Related entities: 200 observables, 1 intrusion set (APT), 10 techniques (MITRE), 1 malware, 41 others
Description
A coordinated action led by Microsoft's Digital Crimes Unit, with participation from Bitsight and other partners, has successfully dismantled the operational capabilities of Lumma Stealer (LummaC2), a prominent information stealer operating since late 2022. The operation involved seizing over 1,000 domains and shutting down more than 90 Telegram channels and Steam profiles associated with the malware's infrastructure. LummaC2, which gained popularity after the takedown of Redline and Meta stealers, targeted Windows systems to extract sensitive data from various applications. The malware employed a complex, multi-tiered command and control infrastructure, using multiple domains, Steam profiles, and Telegram channels for resilience. This disruptive action is expected to significantly impact the threat landscape and hinder criminal activities in the malware scene.
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Observables (200)
Intrusion sets (APT) (1)
- AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 21/12/2025 07:16 · Modified 21/12/2025 07:16
Techniques (MITRE) (10)
- Credentials from Web Browsers
- Credentials from Password Stores
- Data from Local System
- Encrypted Channel
- Application Layer Protocol
- Web Service
- Deobfuscate/Decode Files or Information
- Data Encoding
- Input Capture
- Command and Scripting Interpreter
Malware (1)
- Family · Published 08/06/2026 19:36 · Modified 08/06/2026 19:36
Others (41)