Part 2: Tracking LummaC2 Infrastructure

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

An investigation into domains associated with the LummaC2 infostealer malware campaign revealed a broader network of nearly 500 domains with highly malicious risk scores. These domains share similar registration patterns, including the use of Eastern European registrant names and the inbox[.]eu email domain. The domains predominantly advertise technical education courses, but are likely lures for malware delivery. Four of the domains were identified as LummaC2 login panels. The campaign's infrastructure uses specific TLDs, naming conventions, and a Hong Kong address linked to OFAC-sanctioned entities. Security teams are advised to monitor for similar domain registration patterns, scrutinize suspicious training sites, and educate users about the risks.

OPENCTI LABELS:

infostealer, lummac2, malicious domains, acreed, domain infrastructure, technical education lure, eastern european names
