Illuminating Lumma Stealer DNS Facts and Findings

Lumma Stealer, a popular malware-as-a-service (MaaS) offering, has been active since 2022 and has been used to target victims in Argentina, Colombia, the U.S., the Philippines, and several other countries worldwide.[1]

In its latest campaign, the threat actors used fake CAPTCHAs to deliver the stealer. In their in-depth analysis, cybersecurity researchers identified 34 indicators of compromise (IoCs) comprising 27 domains and seven subdomains.[2]

The WhoisXML API research team expanded on those IoCs using our comprehensive DNS intelligence and uncovered potentially connected artifacts, namely:

  • 25 IP addresses, 23 of which turned out to be malicious
  • 228 string-connected domains, 18 of which have already been tagged as malicious
  • 477 string-connected subdomains, two of which turned out to have already figured in malicious campaigns
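The expansion described above, in which published IoC domains are resolved to IP addresses and then used to find string-connected domains and subdomains, can be illustrated offline. The script below is an added example written for this page; it is not WhoisXML API's tooling or the researchers' code, and every domain, IP address and reputation tag in it is a constructed placeholder (`.invalid` names and documentation-range addresses), not a real Lumma Stealer indicator. The passive-DNS table, the wider domain corpus and the reputation feed are assumed inputs standing in for whatever data sources a team actually has.

```python
"""Offline illustration of a DNS pivot from seed IoC domains.

Constructed example data only: none of the domains, IPs or 'malicious'
tags below are real indicators.
"""
from __future__ import annotations

# Constructed seed IoCs (stand-ins for a vendor's published domain list).
SEED_IOCS = [
    "captcha-verify-hub.invalid",
    "secure-captcha-check.invalid",
    "media.captcha-verify-hub.invalid",
]

# Constructed passive-DNS table: domain -> set of observed A-record IPs.
PASSIVE_DNS = {
    "captcha-verify-hub.invalid": {"203.0.113.10", "203.0.113.11"},
    "secure-captcha-check.invalid": {"203.0.113.10"},
    "media.captcha-verify-hub.invalid": {"203.0.113.12"},
    "captcha-verify-portal.invalid": {"198.51.100.5"},
    "shop.example.invalid": {"198.51.100.7"},
}

# Constructed wider corpus (e.g. a newly registered domains feed) to pivot into.
CORPUS = [
    "captcha-verify-portal.invalid",
    "cdn.secure-captcha-check.invalid",
    "captcha-check-login.invalid",
    "secure-captcha-check.invalid",  # a seed itself; must not be re-reported
    "shop.example.invalid",
    "news.example.invalid",
]

# Constructed reputation feed of already-flagged IPs and names.
KNOWN_MALICIOUS = {"203.0.113.10", "captcha-verify-portal.invalid"}

# Labels too generic to pivot on; matching them would connect unrelated names.
GENERIC_LABELS = {"www", "cdn", "media", "secure", "check", "verify", "login",
                  "portal", "invalid", "com", "net", "org"}
MIN_TOKEN_LEN = 5


def labels(domain: str) -> list[str]:
    return domain.lower().rstrip(".").split(".")


def is_subdomain(domain: str) -> bool:
    # Simplification: more than two labels means subdomain. Real tooling would
    # consult the Public Suffix List to find the registrable domain.
    return len(labels(domain)) > 2


def resolve_to_ips(seeds, pdns) -> list[str]:
    """Step 1: collect every IP the seed names have resolved to."""
    ips: set[str] = set()
    for seed in seeds:
        ips.update(pdns.get(seed.lower(), ()))
    return sorted(ips)


def distinctive_tokens(seeds) -> set[str]:
    """Step 2: extract the distinctive strings the seeds share (here 'captcha')."""
    tokens: set[str] = set()
    for seed in seeds:
        for label in labels(seed):
            for part in label.split("-"):
                if len(part) >= MIN_TOKEN_LEN and part not in GENERIC_LABELS:
                    tokens.add(part)
    return tokens


def string_connected(seeds, corpus, tokens):
    """Step 3: find corpus names (excluding the seeds) that contain a token."""
    seed_set = {s.lower() for s in seeds}
    domains: list[str] = []
    subdomains: list[str] = []
    for candidate in corpus:
        name = candidate.lower()
        if name in seed_set:
            continue
        parts = {p for label in labels(name) for p in label.split("-")}
        if parts & tokens:
            (subdomains if is_subdomain(name) else domains).append(name)
    return sorted(domains), sorted(subdomains)


def pivot(seeds, pdns, corpus, reputation) -> dict[str, list[str]]:
    """Run the three steps and tag results against the reputation feed."""
    ips = resolve_to_ips(seeds, pdns)
    domains, subdomains = string_connected(seeds, corpus, distinctive_tokens(seeds))

    def flagged(items):
        return sorted(item for item in items if item in reputation)

    return {
        "ips": ips, "malicious_ips": flagged(ips),
        "domains": domains, "malicious_domains": flagged(domains),
        "subdomains": subdomains, "malicious_subdomains": flagged(subdomains),
    }


if __name__ == "__main__":
    report = pivot(SEED_IOCS, PASSIVE_DNS, CORPUS, KNOWN_MALICIOUS)
    for kind in ("ips", "domains", "subdomains"):
        print(f"{len(report[kind])} {kind}, "
              f"{len(report['malicious_' + kind])} already flagged")
```

The output is a candidate list, not a verdict: string-connected names share only a naming pattern with the seeds, so a team would confirm each one against registration, hosting and reputation data before blocking it, exactly as the counts above distinguish artifacts found from artifacts already tagged malicious.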

Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.

  • [1] https://www.netskope.com/blog/lumma-stealer-fake-captchas-new-techniques-to-evade-detection
  • [2] https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/Malware/LummaStealer/IOCs