Global operation disrupts Lumma Stealer

May 26, 2025, 9:49 a.m.

Description

ESET collaborated with Microsoft and other partners in a global operation to disrupt Lumma Stealer, a prominent malware-as-a-service infostealer. ESET's contribution involved analyzing tens of thousands of malware samples to extract key data like C&C servers and affiliate identifiers. The operation targeted Lumma Stealer's infrastructure, aiming to render its exfiltration network nonoperational. Lumma Stealer had been actively developed and maintained by its operators, with regular updates to its code and network infrastructure. It employed various anti-analysis techniques and targeted a wide range of data, including credentials from browsers, cryptocurrency wallets, and other applications.

Date

  • Created: May 26, 2025, 9:12 a.m.
  • Published: May 26, 2025, 9:12 a.m.
  • Modified: May 26, 2025, 9:49 a.m.

Indicators


Attack Patterns

  • Lumma Stealer

Additional Information

  • sparkiob.digital
  • longitudde.digital
  • byteplusx.digital