{
	"id": "913f89e1-a13f-4ff9-9550-248c201b1525",
	"created_at": "2026-04-06T00:21:00.202409Z",
	"updated_at": "2026-04-10T13:11:38.519365Z",
	"deleted_at": null,
	"sha1_hash": "47739ee04363eca89878b0689a04a4305e33d76e",
	"title": "Lumma Stealer actively deployed in multiple campaigns",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 59517,
	"plain_text": "Lumma Stealer actively deployed in multiple campaigns\r\nBy Intrinsec\r\nPublished: 2023-10-17 · Archived: 2026-04-05 21:27:01 UTC\r\n[et_pb_section fb_built=”1″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_row\r\ncolumn_structure=”1_2,1_2″ _builder_version=”4.16″ _module_preset=”default” custom_margin=”|6px||6px||”\r\ncustom_padding=”85px|0px||||” global_colors_info=”{}”][et_pb_column type=”1_2″ _builder_version=”4.16″\r\n_module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.22.2″\r\n_module_preset=”default” text_font=”|600|||||||” header_font=”|600|||||||” custom_margin=”-15px||-1px||false|false”\r\ncustom_padding=”0px|||||” global_colors_info=”{}”]\r\nLummaC2 Stealer \r\n[/et_pb_text][et_pb_text _builder_version=”4.22.2″ _module_preset=”default” text_text_color=”#000000″\r\ncustom_margin=”|68px||||” custom_padding=”27px|0px||||” global_colors_info=”{}”]\r\nKey findings\r\nIn this report are presented:\r\nLumma Stealer, also known as LummaC2 Stealer, is a malware-as-a-service sold through Telegram and Russian-speaking cybercrime forums. In this report, the following will be addressed:\r\nThe presence of Lumma in Russian-speaking forums and Telegram.\r\nCode analysis of different campaigns distributing Lumma stealer using various techniques.\r\nThe infrastructure associated with Lumma stealer, including the old and new versions of C2 panels.A trail,\r\nthat we uncovered, which indicates a potential use of Lumma by a Russian intrusion set.\r\nIntrinsec’s CTI services\r\nOrganisations are facing a rise in the sophistication of threat actors and intrusion sets. To address these evolving\r\nthreats, it is now necessary to take a proactive approach in the detection and analysis of any element deemed\r\nmalicious. Such a hands-on approach allows companies to anticipate, or at least react as quickly as possible to the\r\ncompromises they face.\r\nFor this report, shared with our clients in July 2023, Intrinsec relied on its Cyber Threat Intelligence service,\r\nwhich provides its customers with high value-added, contextualized and actionable intelligence to understand and\r\ncontain cyber threats. Our CTI team consolidates data \u0026 information gathered from our security monitoring\r\nservices (SOC, MDR …), our incident response team (CERT-Intrinsec) and custom cyber intelligence generated\r\nby our analysts using custom heuristics, honeypots, hunting, reverse-engineering \u0026 pivots.\r\nIntrinsec also offers various services around Cyber Threat Intelligence:\r\nhttps://www.intrinsec.com/lumma_stealer_actively_deployed_in_multiple_campaigns/\r\nPage 1 of 5\n\nRisk anticipation: which can be leveraged to continuously adapt the detection \u0026 response capabilities of\r\nour clients’ existing tools (EDR, XDR, SIEM, …) through:\r\nan operational feed of IOCs based on our exclusive activities.\r\nthreat intel notes \u0026 reports, TIP-compliant.\r\nDigital risk monitoring:\r\ndata leak detection \u0026 remediation\r\nexternal asset security monitoring (EASM)\r\nbrand protection\r\nFor more information, go to htbqccsz.elementor.cloud/en/cyber-threat-intelligence/.\r\nFollow us on Linkedin and Twitter\r\n[/et_pb_text][et_pb_button button_url=\"https://www.intrinsec.com/wp-content/uploads/2023/10/TLP-CLEAR-Lumma-Stealer-EN-Information-report.pdf\" button_text=\"Continue reading\" _builder_version=\"4.22.2\"\r\n_module_preset=\"default\" custom_button=\"on\" button_border_radius=\"40px\" button_icon=\"||divi||400\"\r\nbox_shadow_style=\"preset1\" global_colors_info=\"{}\"][/et_pb_button][/et_pb_column][et_pb_column\r\ntype=\"1_2\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_image\r\nsrc=\"https://www.intrinsec.com/wp-content/uploads/2023/10/Lumma_Stealer-scaled.jpg\"\r\nalt=\"Cybersecurity_Energy\" title_text=\"Lumma_Stealer\" align=\"center\" _builder_version=\"4.22.2\"\r\n_module_preset=\"default\" width=\"76%\" module_alignment=\"center\" global_colors_info=\"{}\"][/et_pb_image]\r\n[/et_pb_column][/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\"\r\nglobal_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\"\r\nglobal_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" text_font=\"|600|||||||\"\r\ntext_font_size=\"35px\" text_orientation=\"center\" global_colors_info=\"{}\"]\r\nOther analysis\r\n[/et_pb_text][et_pb_divider divider_weight=”3px” _builder_version=”4.16″ _module_preset=”default”\r\nwidth=”10%” module_alignment=”center” global_colors_info=”{}”][/et_pb_divider][et_pb_blog fullwidth=”off”\r\ninclude_categories=”1584″ excerpt_length=”150″ show_author=”off” show_date=”off” show_categories=”off”\r\nmasonry_tile_background_color=”RGBA(255,255,255,0)” _builder_version=”4.16″ _module_preset=”default”\r\nheader_font=”|600|||||||” body_font=”|300|||||||” body_text_color=”#000000″ width=”80%”\r\nmodule_alignment=”center” custom_margin=”|||0px|false|false” custom_padding=”0px|||0px|false|false”\r\nanimation_style=”fade” animation_duration=”2000ms” enable_grid_motion=”on”\r\nborder_radii=”on|20px|20px|20px|20px” border_width_top=”0px” border_color_top=”RGBA(255,255,255,0)”\r\nbox_shadow_style=”preset1″ box_shadow_blur=”14px” box_shadow_spread=”-3px” global_colors_info=”{}”]\r\n[/et_pb_blog][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built=”1″ _builder_version=”4.16″\r\n_module_preset=”default” global_colors_info=”{}”][et_pb_row column_structure=”1_2,1_2″ admin_label=”12\r\nDays of Christmas – Day 05 Contact Form Module 1″ _builder_version=”4.16″ background_size=”initial”\r\nbackground_position=”top_left” background_repeat=”repeat” max_width=”1516px”\r\ncustom_margin=”||100px||false|false” custom_padding=”50px|30px|50px|64px|false|false”\r\ncustom_css_main_element=” z-index: 9;” border_radii=”on|10px|10px|10px|10px” box_shadow_style=”preset1″\r\nbox_shadow_blur=”10px” use_custom_width=”on” custom_width_px=”1516px” global_colors_info=”{}”]\r\nhttps://www.intrinsec.com/lumma_stealer_actively_deployed_in_multiple_campaigns/\r\nPage 2 of 5\n\n[et_pb_column type=”1_2″ _builder_version=”4.16″ custom_padding=”6px|||” global_colors_info=”{}”\r\ncustom_padding__hover=”|||”][et_pb_text admin_label=”Lorem Ipsum” _builder_version=”4.16″\r\ntext_font=”Lato|||on|||||” text_text_color=”#a7a7a7″ text_font_size=”16px” custom_margin=”|0%|-20px|0px”\r\ncustom_padding=”0%|0%|0%|0%” custom_css_main_element=”float: none !important;”\r\nglobal_colors_info=”{}”][/et_pb_text][et_pb_cta title=”N’hésitez pas à nous contacter” button_url=”/nos-expertises-en-securite-informatique/” button_text=”Découvrez nos expertises” admin_label=”Where do you want\r\nto go today?” _builder_version=”4.16″ header_font=”Poppins|500|||||||” header_text_align=”left”\r\nheader_text_color=”#000000″ header_font_size=”32px” header_letter_spacing=”0.6px”\r\nheader_line_height=”120%” body_font=”Poppins||||||||” body_text_color=”#000000″ body_font_size=”17px”\r\nbody_line_height=”30px” use_background_color=”off” custom_button=”on” button_text_size=”18px”\r\nbutton_text_color=”#ffffff” button_bg_color=”#c41718″ button_border_width=”1px”\r\nbutton_border_color=”#c41718″ button_border_radius=”40px” button_font=”Montserrat|500|||||||”\r\nbutton_use_icon=”off” button_alignment=”left” text_orientation=”left” background_layout=”light”\r\nmax_width=”568px” max_width_tablet=”100%” max_width_phone=”” max_width_last_edited=”on|tablet”\r\ncustom_margin=”30px|||” custom_margin_tablet=”” custom_margin_phone=”|||”\r\ncustom_margin_last_edited=”on|desktop” custom_padding=”|||” header_font_size_tablet=”30px”\r\nheader_font_size_phone=”26″ header_font_size_last_edited=”on|phone” header_line_height_tablet=””\r\nheader_line_height_phone=”” header_line_height_last_edited=”on|desktop” body_font_size_tablet=””\r\nbody_font_size_phone=”” body_font_size_last_edited=”on|phone” button_text_size_tablet=””\r\nbutton_text_size_phone=”17px” button_text_size_last_edited=”on|phone” custom_css_promo_button=”padding:\r\n11px 2.2vw !important;||margin-top: 37px !important;” custom_css_promo_title=” font-weight: 400;|| padding-bottom: 18px;” box_shadow_style_button=”preset1″ button_text_color_hover=”#c41718″\r\nbutton_border_color_hover=”#c41718″ button_border_radius_hover=”2px” button_bg_color_hover=”#ffffff”\r\nglobal_colors_info=”{}” button_text_size__hover_enabled=”off” button_one_text_size__hover_enabled=”off”\r\nbutton_two_text_size__hover_enabled=”off” button_text_color__hover_enabled=”on”\r\nbutton_text_color__hover=”#c41718″ button_one_text_color__hover_enabled=”off”\r\nbutton_two_text_color__hover_enabled=”off” button_border_width__hover_enabled=”off”\r\nbutton_one_border_width__hover_enabled=”off” button_two_border_width__hover_enabled=”off”\r\nbutton_border_color__hover_enabled=”on” button_border_color__hover=”#c41718″\r\nbutton_one_border_color__hover_enabled=”off” button_two_border_color__hover_enabled=”off”\r\nbutton_border_radius__hover_enabled=”on|desktop” button_border_radius__hover=”40px”\r\nbutton_one_border_radius__hover_enabled=”off” button_two_border_radius__hover_enabled=”off”\r\nbutton_letter_spacing__hover_enabled=”off” button_one_letter_spacing__hover_enabled=”off”\r\nbutton_two_letter_spacing__hover_enabled=”off” button_bg_color__hover_enabled=”on”\r\nbutton_bg_color__hover=”#ffffff” button_one_bg_color__hover_enabled=”off”\r\nbutton_two_bg_color__hover_enabled=”off”]\r\nLaissez-nous un message décrivant vos besoins en sécurité, ou bien contactez-nous si vous souhaitez avoir des\r\ninformations concernant nos activités. Nous vous répondrons dans les meilleurs délais.\r\nN’oubliez pas de renseigner votre adresse e-mail ou téléphone afin que nous puissions vous recontacter\r\nrapidement. \r\nhttps://www.intrinsec.com/lumma_stealer_actively_deployed_in_multiple_campaigns/\r\nPage 3 of 5\n\n[/et_pb_cta][/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.16″ custom_padding=”|||”\r\nglobal_colors_info=”{}” custom_padding__hover=”|||”][et_pb_contact_form captcha=”off”\r\nemail=”contact@intrinsec.com” success_message=”Votre message a bien été envoyé”\r\nsubmit_button_text=”Envoyer” admin_label=”Day 05 Contact Form Module 1″\r\nmodule_id=”et_pb_contact_form_1″ _builder_version=”4.16″ _unique_id=”538efec8-3317-4a98-b5a1-\r\n5cf0b096fc6d” form_field_background_color=”#ffffff” form_field_text_color=”#b3b3b3″\r\nform_field_focus_text_color=”#000000″ title_font=”Poppins|700|||||||” title_text_align=”left”\r\ntitle_text_color=”#000000″ title_font_size=”24″ title_letter_spacing=”0.6px” form_field_font=”Poppins||||||||”\r\nform_field_text_align=”left” form_field_font_size=”16px” background_color=”#ffffff” custom_button=”on”\r\nbutton_text_size=”20px” button_text_color=”#000000″ button_bg_color=”RGBA(255,255,255,0)”\r\nbutton_border_width=”0px” button_border_color=”#000000″ button_border_radius=”0px”\r\nbutton_font=”Poppins||||||||” button_icon=”||fa||400″ button_icon_color=”#E02B20″\r\nbutton_icon_placement=”left” button_on_hover=”off” button_custom_margin=”||0px|0px|false|false”\r\nbutton_custom_padding=”0px|0px||0px|false|false” text_orientation=”left”\r\ncustom_padding=”3.7vw|2.9vw|3.7vw|2.9vw” custom_css_main_element=”box-shadow: 0px 4px 47px 0px\r\nrgba(160, 190, 212, 0.22);||border-radius: 10px;” custom_css_contact_button=” width: 100%;|| margin: 0;||\r\npadding: 12px 0 !important;” custom_css_contact_fields=”border-bottom: 3px solid #dbdbdb !important;||\r\npadding: 20px 0 20px 0px!important;” custom_css_text_field=” height: 242px !important;|| resize: none\r\n!important;||border-bottom: 3px solid #dbdbdb !important;|| padding: 20px 0 20px 0px!important;||overflow:\r\nhidden;|| display: block;|| margin-bottom: 14px;” border_radii=”on|0px|0px|0px|0px” input_border_radius=”0px”\r\nform_background_color=”#ffffff” global_colors_info=”{}”][et_pb_contact_field field_id=”Name”\r\nfield_title=”Votre nom” fullwidth_field=”on” _builder_version=”4.16″ form_field_font=”||||”\r\nform_field_font_size_tablet=”” form_field_font_size_phone=”” form_field_font_size_last_edited=”on|desktop”\r\nuse_border_color=”off” global_colors_info=”{}” button_text_size__hover_enabled=”off”\r\nbutton_one_text_size__hover_enabled=”off” button_two_text_size__hover_enabled=”off”\r\nbutton_text_color__hover_enabled=”off” button_one_text_color__hover_enabled=”off”\r\nbutton_two_text_color__hover_enabled=”off” button_border_width__hover_enabled=”off”\r\nbutton_one_border_width__hover_enabled=”off” button_two_border_width__hover_enabled=”off”\r\nbutton_border_color__hover_enabled=”off” button_one_border_color__hover_enabled=”off”\r\nbutton_two_border_color__hover_enabled=”off” button_border_radius__hover_enabled=”off”\r\nbutton_one_border_radius__hover_enabled=”off” button_two_border_radius__hover_enabled=”off”\r\nbutton_letter_spacing__hover_enabled=”off” button_one_letter_spacing__hover_enabled=”off”\r\nbutton_two_letter_spacing__hover_enabled=”off” button_bg_color__hover_enabled=”off”\r\nbutton_one_bg_color__hover_enabled=”off” button_two_bg_color__hover_enabled=”off”][/et_pb_contact_field]\r\n[et_pb_contact_field field_id=”Prénom” field_title=”Votre prénom” fullwidth_field=”on”\r\n_builder_version=”4.16″ form_field_font=”||||” use_border_color=”off” global_colors_info=”{}”\r\nbutton_text_size__hover_enabled=”off” button_one_text_size__hover_enabled=”off”\r\nbutton_two_text_size__hover_enabled=”off” button_text_color__hover_enabled=”off”\r\nbutton_one_text_color__hover_enabled=”off” button_two_text_color__hover_enabled=”off”\r\nbutton_border_width__hover_enabled=”off” button_one_border_width__hover_enabled=”off”\r\nbutton_two_border_width__hover_enabled=”off” button_border_color__hover_enabled=”off”\r\nbutton_one_border_color__hover_enabled=”off” button_two_border_color__hover_enabled=”off”\r\nhttps://www.intrinsec.com/lumma_stealer_actively_deployed_in_multiple_campaigns/\r\nPage 4 of 5\n\nbutton_border_radius__hover_enabled=”off” button_one_border_radius__hover_enabled=”off”\r\nbutton_two_border_radius__hover_enabled=”off” button_letter_spacing__hover_enabled=”off”\r\nbutton_one_letter_spacing__hover_enabled=”off” button_two_letter_spacing__hover_enabled=”off”\r\nbutton_bg_color__hover_enabled=”off” button_one_bg_color__hover_enabled=”off”\r\nbutton_two_bg_color__hover_enabled=”off”][/et_pb_contact_field][et_pb_contact_field field_id=”Votre_email”\r\nfield_title=”Votre email” field_type=”email” fullwidth_field=”on” _builder_version=”4.16″ form_field_font=”||||”\r\nuse_border_color=”off” global_colors_info=”{}” button_text_size__hover_enabled=”off”\r\nbutton_one_text_size__hover_enabled=”off” button_two_text_size__hover_enabled=”off”\r\nbutton_text_color__hover_enabled=”off” button_one_text_color__hover_enabled=”off”\r\nbutton_two_text_color__hover_enabled=”off” button_border_width__hover_enabled=”off”\r\nbutton_one_border_width__hover_enabled=”off” button_two_border_width__hover_enabled=”off”\r\nbutton_border_color__hover_enabled=”off” button_one_border_color__hover_enabled=”off”\r\nbutton_two_border_color__hover_enabled=”off” button_border_radius__hover_enabled=”off”\r\nbutton_one_border_radius__hover_enabled=”off” button_two_border_radius__hover_enabled=”off”\r\nbutton_letter_spacing__hover_enabled=”off” button_one_letter_spacing__hover_enabled=”off”\r\nbutton_two_letter_spacing__hover_enabled=”off” button_bg_color__hover_enabled=”off”\r\nbutton_one_bg_color__hover_enabled=”off” button_two_bg_color__hover_enabled=”off”][/et_pb_contact_field]\r\n[et_pb_contact_field field_id=”Décrivez-nous_vos_besoins” field_title=”Décrivez-nous vos besoins”\r\nfield_type=”text” fullwidth_field=”on” _builder_version=”4.16″ form_field_font=”||||” use_border_color=”off”\r\nglobal_colors_info=”{}” button_text_size__hover_enabled=”off” button_one_text_size__hover_enabled=”off”\r\nbutton_two_text_size__hover_enabled=”off” button_text_color__hover_enabled=”off”\r\nbutton_one_text_color__hover_enabled=”off” button_two_text_color__hover_enabled=”off”\r\nbutton_border_width__hover_enabled=”off” button_one_border_width__hover_enabled=”off”\r\nbutton_two_border_width__hover_enabled=”off” button_border_color__hover_enabled=”off”\r\nbutton_one_border_color__hover_enabled=”off” button_two_border_color__hover_enabled=”off”\r\nbutton_border_radius__hover_enabled=”off” button_one_border_radius__hover_enabled=”off”\r\nbutton_two_border_radius__hover_enabled=”off” button_letter_spacing__hover_enabled=”off”\r\nbutton_one_letter_spacing__hover_enabled=”off” button_two_letter_spacing__hover_enabled=”off”\r\nbutton_bg_color__hover_enabled=”off” button_one_bg_color__hover_enabled=”off”\r\nbutton_two_bg_color__hover_enabled=”off”][/et_pb_contact_field][et_pb_contact_field field_id=”source”\r\nfield_title=”Comment avez-vous connu Intrinsec ?” fullwidth_field=”on” _builder_version=”4.16″\r\nglobal_colors_info=”{}”][/et_pb_contact_field][/et_pb_contact_form][/et_pb_column][/et_pb_row]\r\n[/et_pb_section]\r\nSource: https://www.intrinsec.com/lumma_stealer_actively_deployed_in_multiple_campaigns/\r\nhttps://www.intrinsec.com/lumma_stealer_actively_deployed_in_multiple_campaigns/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.intrinsec.com/lumma_stealer_actively_deployed_in_multiple_campaigns/"
	],
	"report_names": [
		"lumma_stealer_actively_deployed_in_multiple_campaigns"
	],
	"threat_actors": [],
	"ts_created_at": 1775434860,
	"ts_updated_at": 1775826698,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/47739ee04363eca89878b0689a04a4305e33d76e.pdf",
		"text": "https://archive.orkl.eu/47739ee04363eca89878b0689a04a4305e33d76e.txt",
		"img": "https://archive.orkl.eu/47739ee04363eca89878b0689a04a4305e33d76e.jpg"
	}
}