{
  "name": "LummaC2 Malware Abusing the Game Platform 'Steam'",
  "slug": "lummac2-malware-abusing-the-game-platform-steam",
  "description": "The report investigates LummaC2, an infostealer actively distributed under the guise of illegal software. It highlights LummaC2's use of encrypted strings and its abuse of legitimate websites such as Steam to retrieve its command-and-control (C2) domains. The malware steals sensitive user data and sends it to the C2 servers. The analysis covers LummaC2's evolution, distribution methods, encryption routines, and the types of information it targets for theft. Because Steam is a legitimate platform, the steamcommunity.com profile URL among the observables identifies one abused page, not a malicious domain.",
  "published": "2024-07-26T06:25:52+00:00",
  "created_at": "2024-07-26T06:25:52+00:00",
  "modified_at": "2024-07-26T07:00:46+00:00",
  "created_at_opencti": "2024-07-26T06:25:52+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-07-26",
    "data theft",
    "infostealer",
    "lummac2",
    "vidar"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "https://steamcommunity.com/profiles/76561199724331900"
      },
      {
        "id": "",
        "name": "https://unseaffarignsk.shop/api"
      },
      {
        "id": "",
        "name": "https://upknittsoappz.shop/api"
      },
      {
        "id": "",
        "name": "https://sicillyosopzv.shop/api"
      },
      {
        "id": "",
        "name": "https://shepherdlyopzc.shop/api"
      },
      {
        "id": "",
        "name": "https://reinforcedirectorywd.shop/api"
      },
      {
        "id": "",
        "name": "https://outpointsozp.shop/api"
      },
      {
        "id": "",
        "name": "https://liernessfornicsa.shop/api"
      },
      {
        "id": "",
        "name": "https://lariatedzugspd.shop/api"
      },
      {
        "id": "",
        "name": "https://indexterityszcoxp.shop/api"
      },
      {
        "id": "",
        "name": "https://callosallsaospz.shop/api"
      },
      {
        "id": "",
        "name": "unseaffarignsk.shop"
      },
      {
        "id": "",
        "name": "sicillyosopzv.shop"
      },
      {
        "id": "",
        "name": "upknittsoappz.shop"
      },
      {
        "id": "",
        "name": "shepherdlyopzc.shop"
      },
      {
        "id": "",
        "name": "outpointsozp.shop"
      },
      {
        "id": "",
        "name": "reinforcedirectorywd.shop"
      },
      {
        "id": "",
        "name": "liernessfornicsa.shop"
      },
      {
        "id": "",
        "name": "indexterityszcoxp.shop"
      },
      {
        "id": "",
        "name": "lariatedzugspd.shop"
      },
      {
        "id": "",
        "name": "callosallsaospz.shop"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:37dce7f2f14d48d9",
        "name": "LummaC2",
        "slug": "lummac2"
      },
      {
        "id": "2c582ed8-35df-4ef9-917d-994e214aa5f9",
        "name": "Vidar",
        "slug": "vidar"
      }
    ],
    "attack_patterns": [
      {
        "id": "d3fff364-9b70-4b8e-9206-05e7a8973fd5",
        "name": "T1553.004"
      },
      {
        "id": "759720f6-8f0f-4017-ab21-7ac30d0bf46f",
        "name": "T1555.001"
      },
      {
        "id": "7671fe3e-6a85-463e-928d-16117d2f4f9b",
        "name": "T1059.006"
      },
      {
        "id": "9e784d22-5a6c-4da6-968a-5fab2f019efd",
        "name": "T1059.005"
      },
      {
        "id": "b7ba0db0-7d4f-436f-8d5f-c431d690b048",
        "name": "T1555.003"
      },
      {
        "id": "6b2e0999-c7e8-4662-94ac-19aa8520ee46",
        "name": "T1059.003"
      },
      {
        "id": "32b33067-6566-4b8d-be80-e96f765d84de",
        "name": "T1059.001"
      },
      {
        "id": "e73b317e-ea92-49b4-a45d-051f7279aced",
        "name": "T1213"
      },
      {
        "id": "9322d33b-00c1-4f99-9f1a-a33d93c0dac2",
        "name": "T1059.007"
      },
      {
        "id": "2e0c6db7-16a7-4bf6-992e-263474014fce",
        "name": "T1059.004"
      },
      {
        "id": "a72b6e11-a5d5-4f5a-8f0d-8861e90c34f7",
        "name": "T1555"
      },
      {
        "id": "46ecf5ab-5539-4a8a-aa5b-c180d0ae5a67",
        "name": "T1059.002"
      },
      {
        "id": "5dee2969-7083-430e-9083-73bab54c3a18",
        "name": "T1590"
      },
      {
        "id": "6d618903-d9f6-4747-aec2-7630f43c1908",
        "name": "T1496"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "7abb6e8c-d357-49ef-9244-017043055224",
        "name": "T1205"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "6aa7866f-9c1f-4159-938a-10a6adf41646",
        "name": "T1553"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://asec.ahnlab.com/en/68309/",
    "https://otx.alienvault.com/pulse/66a35d901d64edbeab115298"
  ]
}