Tracking LummaC2 Infrastructure with Cats

May 30, 2025, 8:55 a.m.

Description

The US Department of Justice and Microsoft disrupted the LummaC2 infostealer through domain seizures, taking down over 2,300 associated domains. The FBI and CISA released an advisory detailing LummaC2's tactics and indicators of compromise, including 114 domains. Analysis of those domains revealed common registration patterns, such as Eastern European registrant names and specific mail server hostnames. Notably, several of the domains served an 'About Cats' landing page; pivoting on that page identified 58 additional domains sharing it and carrying high risk scores. These domains are suspected of distributing LummaC2 and other malware strains. Despite the takedown efforts, 41 of these domains remain active, highlighting the need for continued vigilance against LummaC2 infrastructure.
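The pivot described above (seed domains from the advisory, shared registrant and mail-server attributes, then a common landing page) can be reproduced over your own collected WHOIS, DNS and HTTP data. The script below is an added example written for this page, not code from the advisory or from the researchers who did the analysis; every record in it is constructed, the domain names use the reserved `.invalid` TLD, and the registrant names and MX hostnames are placeholders rather than the indicators the advisory lists.

```python
"""Infrastructure pivoting: from known-bad seed domains to candidates that share
registration, mail-server or landing-page attributes with them.

Added example with constructed data; it does not contain real indicators.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample records: (domain, registrant name, MX hostname, landing-page HTML).
# In practice these come from WHOIS, DNS MX lookups and an HTTP fetch of "/".
RECORDS = [
    ("seed-one.invalid", "Ivan Petrov", "mail.hostA.invalid",
     "<html><body><h1>About Cats</h1><p>Cats are great.</p></body></html>"),
    ("seed-two.invalid", "Ivan Petrov", "mail.hostA.invalid",
     "<html><body><h1>About  Cats</h1>\n<p>Cats are great.</p></body></html>"),
    ("seed-three.invalid", "Olena Kovalenko", "mail.hostB.invalid",
     "<html><body>parked</body></html>"),
    ("cand-one.invalid", "Someone Else", "mail.hostA.invalid",
     "<html><body><h1>About Cats</h1><p>Cats are great.</p></body></html>"),
    ("cand-two.invalid", "Ivan Petrov", "mail.hostZ.invalid",
     "<html><body>shop</body></html>"),
    ("benign.invalid", "Jane Doe", "mail.hostC.invalid",
     "<html><body>hello</body></html>"),
]
# Seeds stand in for the advisory's published domains (hypothetical here).
SEEDS = {"seed-one.invalid", "seed-two.invalid", "seed-three.invalid"}


def page_fingerprint(html: str) -> str:
    """Hash the visible text of a landing page after stripping tags, lowering
    case and collapsing whitespace, so trivial template differences (extra
    spaces, newlines between tags) still produce the same fingerprint."""
    text = re.sub(r"<[^>]+>", " ", html.lower())
    normalized = " ".join(text.split())
    return hashlib.sha256(normalized.encode()).hexdigest()[:16]


def attributes(record):
    """The pivotable attributes of one record, as (kind, value) pairs."""
    domain, registrant, mx, html = record
    return {
        ("registrant", registrant.lower()),
        ("mx", mx.lower()),
        ("page", page_fingerprint(html)),
    }


def pivot_keys(records, seeds, min_seed_support=2):
    """Attributes shared by at least `min_seed_support` seed domains.

    Requiring support from more than one seed keeps a single seed's unique
    registrant or MX from becoming a pivot; seed-three above contributes
    nothing for that reason. Very common values (a large shared mail
    provider, a registrar's default parking page) should additionally be
    excluded before pivoting, or they will match most of the internet."""
    support = defaultdict(set)
    for rec in records:
        if rec[0] in seeds:
            for attr in attributes(rec):
                support[attr].add(rec[0])
    return {attr: doms for attr, doms in support.items()
            if len(doms) >= min_seed_support}


def find_candidates(records, seeds, min_seed_support=2):
    """Rank non-seed domains by how many pivot keys they share with the seeds.
    Returns [(domain, score, [matched attributes])], best match first."""
    keys = pivot_keys(records, seeds, min_seed_support)
    results = []
    for rec in records:
        if rec[0] in seeds:
            continue
        matched = sorted(attr for attr in attributes(rec) if attr in keys)
        if matched:
            results.append((rec[0], len(matched), matched))
    results.sort(key=lambda r: (-r[1], r[0]))
    return results


if __name__ == "__main__":
    for domain, score, matched in find_candidates(RECORDS, SEEDS):
        print(f"{domain}: {score} shared key(s): {matched}")
```

On the constructed data, `cand-one.invalid` scores 2 (same MX as two seeds and the same "About Cats" page text), `cand-two.invalid` scores 1 (registrant only), and `benign.invalid` is not reported. A score of 1 on a registrant name or MX alone is a lead to verify, not an indicator; the combination of a shared mail server and a shared landing page is what made the cat domains worth flagging.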

Date

  • Created: May 30, 2025, 12:47 a.m.
  • Published: May 30, 2025, 12:47 a.m.
  • Modified: May 30, 2025, 8:55 a.m.

Attack Patterns

  • LummaC2

Additional Information

  • United States of America