LummaC2 Stealer Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (68)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	32
ru	16
es	16
sv	2
fr	2

Country

us	48
ru	14
sv	2
de	2
gb	2

Actors

LummaC2 Stealer	2
UAC-0173	1
Havoc	1
Tofsee	1
RedLine Stealer	1

Activities

Interest

Timeline

Type

Not Defined	34
Content Management System	6
Programming Language Software	6
Groupware Software	4
Messaging Software	2

Vendor

Not Defined	20
Microsoft	4
Wikimedia	2
Mirabilis	2
tholum	2

Product

Microsoft Exchange Server	4
Wikimedia mediawiki-extensions-I18nTags	2
Mirabilis ICQ	2
tholum crm42	2
Dolibarr CRM	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	mailcow Sync Job os command injection	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00174	0.03	CVE-2023-26490
2	PHP password_verify poison null byte	3.7	3.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00045	0.12	CVE-2024-3096
3	PHP proc_open command injection	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.20	CVE-2024-1874
4	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00061	0.00	CVE-2023-36439
5	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00056	0.04	CVE-2023-36050
6	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00056	0.00	CVE-2023-36035
7	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00056	0.00	CVE-2023-36039
8	iGamingModules flashgames game.php sql injection	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00315	0.08	CVE-2008-10003
9	Netgate pfSense Plus/pfSense CE SSHGuard protection mechanism	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00238	0.04	CVE-2023-27100
10	mailcow Sync Job os command injection	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00539	0.03	CVE-2022-31245
11	Adminer access control	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00142	0.05	CVE-2021-43008
12	YAFNET Private Message PostPrivateMessage cross site scripting	4.1	4.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00099	0.07	CVE-2023-0549
13	Wikimedia mediawiki-extensions-I18nTags Unlike Parser I18nTags_body.php cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00063	0.04	CVE-2018-25065
14	tad_discuss cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00063	0.08	CVE-2021-4267
15	rickxy Stock Management System processlogin.php cross site scripting	4.7	4.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00066	0.04	CVE-2022-4089
16	Hospital Management Center patient-info.php sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00151	0.04	CVE-2022-4012
17	SourceCodester Sanitization Management System Banner Image cross site scripting	3.6	3.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00070	0.04	CVE-2022-3992
18	tholum crm42 Login class.user.php sql injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00266	0.00	CVE-2022-3955
19	Mirabilis ICQ Guestbook denial of service	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00210	0.00	CVE-2000-0564
20	Zeeways ZEEPROPERTY File Upload viewprofile.php access control	6.3	5.8	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00428	0.00	CVE-2008-6914

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	144.76.173.247	static.247.173.76.144.clients.your-server.de	LummaC2 Stealer		04/02/2024	verified	High
2	XXX.XXX.XXX.XX		Xxxxxxx Xxxxxxx		04/02/2024	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/admin/index.php?id=themes&action=edit_template&filename=blog	predictive	High
2	File	/forum/PostPrivateMessage	predictive	High
3	File	/pages.php	predictive	Medium
4	File	/pages/processlogin.php	predictive	High
5	File	admin/?page=system_info	predictive	High
6	File	admin/gallery.php	predictive	High
7	File	articles.php	predictive	Medium
8	File	cart_remove.php	predictive	High
9	File	catalog.asp	predictive	Medium
10	File	xxxxxxxxxx.xxx	predictive	High
11	File	xxxxxxxxxx.xxx	predictive	High
12	File	xxxxx\xxxxx\xxxxx.xxxx.xxx	predictive	High
13	File	xxxxxxx.xxx	predictive	Medium
14	File	xxxxxxx.xxx	predictive	Medium
15	File	xxxxxxxx.xxx	predictive	Medium
16	File	xxxx.xxx	predictive	Medium
17	File	xxxxxxxx_xxxx.xxx	predictive	High
18	File	xxx/xxxxxxx.xxx	predictive	High
19	File	xxx_xxxxxxxxxxxxxxxxxxx.xxx	predictive	High
20	File	xxxx.xxx	predictive	Medium
21	File	xxxxxx.xxx	predictive	Medium
22	File	xxx.xxx	predictive	Low
23	File	xxxxxx.xxx	predictive	Medium
24	File	xxxxxxx/xxx/xxxxx.xxx	predictive	High
25	File	xx_xxxxxxxxxx.xxx	predictive	High
26	File	xxxx.xxx	predictive	Medium
27	File	xxxxx.xxx	predictive	Medium
28	File	xxxxxxx-xxxx.xxx	predictive	High
29	File	xxxxxxx.xxx	predictive	Medium
30	File	xxxxxxxxxxxxxx.xxx	predictive	High
31	File	xxxxxxxx.xxx	predictive	Medium
32	File	xxxx.xxx	predictive	Medium
33	File	xxxxx-xxxx]_xxxxxx.xxx	predictive	High
34	File	xxxxxxxxxxxx.xxx	predictive	High
35	File	xxxxxxxxx.xxx	predictive	High
36	File	xxxxxxxxxxx.xxx	predictive	High
37	Argument	xxx	predictive	Low
38	Argument	x/x	predictive	Low
39	Argument	xxx	predictive	Low
40	Argument	xxx	predictive	Low
41	Argument	xxxxx	predictive	Low
42	Argument	xxxxxxxxxxxx	predictive	Medium
43	Argument	xxxxxxxx	predictive	Medium
44	Argument	xxxx	predictive	Low
45	Argument	xx	predictive	Low
46	Argument	xxxx[*][xxxx]	predictive	High
47	Argument	xxx	predictive	Low
48	Argument	xxxxxxxx	predictive	Medium
49	Argument	xxx	predictive	Low
50	Argument	xxxxx xxxxxx	predictive	Medium
51	Argument	xxxxx	predictive	Low
52	Argument	xxxxxx	predictive	Low
53	Argument	xxxx	predictive	Low
54	Argument	xxxxxxxxx	predictive	Medium
55	Argument	xxx_xx	predictive	Low
56	Argument	xx_xx	predictive	Low
57	Argument	xxxxxxxxxx	predictive	Medium
58	Argument	xxx	predictive	Low
59	Argument	xxxxxxx/xxxxxxx	predictive	High
60	Argument	xxxx	predictive	Low
61	Argument	xxxx_xxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!