Dark Web Informer - Cyber Threat Intelligence

IOC Alert: Lumma Stealer Command-and-Control Infrastructure

📖 Overview
A URL-based indicator has been identified linking to a Telegram channel leveraged as command-and-control infrastructure for Lumma Stealer. Telegram continues to be abused by threat actors for data exfiltration and C2 management due to its encryption and ease of access. Confidence is assessed at 75%.


📌 Key Details

Field         Information
Type          URL
Indicator     t[.]me/bdfgjdf5
Threat Type   Botnet C2
Malware       win.lumma
Confidence    75%
Date          05 Sep 2025 – 18:01:22 UTC
Tags          Lumma
Reporter      abuse_ch

🔎 URLScan Result
Page Title: Telegram: View @sguajfjsjf
Screenshot: https://urlscan.io/screenshots/01991b03-c03c-72cf-b3b0-c358fd3c55e7.png
Result: https://urlscan.io/result/01991b03-c03c-72cf-b3b0-c358fd3c55e7/


📡 Related Intelligence
VirusTotal Report: https://www.virustotal.com/gui/url/5912bb62f0a6f9513b5cafbdae34bb88e07feae5d036321b5b39c63a8d85009b
Reference: https://bazaar.abuse.ch/sample/f57829fccab2aa91f23ab2a8779fc7aa93bf5eabd1010bb3479580989f6bce45/


🛡️ Defensive Guidance

  • Monitor for Lumma Stealer beaconing patterns over Telegram channels.
  • Hunt for credential exfiltration attempts and Telegram API usage in logs.
  • Review telemetry for traffic to other suspicious Telegram channels.

⚠️ Confidence is moderate (75%), requiring additional corroboration before operational blocking in all environments.
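The following is an added hunting example, not part of the original alert: it refangs the published indicator and runs it over a few constructed proxy log lines, returning exact indicator matches separately from other Telegram traffic that merits review. The log format, client addresses and host list are assumptions for illustration.

```python
import re
from urllib.parse import urlparse

# Indicator exactly as published in the alert (defanged so it is not clickable).
DEFANGED_INDICATOR = "t[.]me/bdfgjdf5"

# Constructed sample proxy log lines (not real telemetry): ts client method url
SAMPLE_LOGS = [
    "2025-09-05T18:01:22Z 10.0.0.5 GET https://t.me/bdfgjdf5",
    "2025-09-05T18:02:10Z 10.0.0.9 GET https://example.com/index.html",
    "2025-09-05T18:03:45Z 10.0.0.7 POST https://t.me/some_other_channel",
    "2025-09-05T18:04:01Z 10.0.0.5 GET https://api.telegram.org/botTOKEN-PLACEHOLDER/sendDocument",
]

# Assumed log layout: four whitespace-separated fields.
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+)$")

# Telegram hosts worth a second look even when they are not the exact indicator.
TELEGRAM_HOSTS = {"t.me", "telegram.me", "api.telegram.org"}


def refang(ioc: str) -> str:
    """Restore a defanged indicator to the form that appears in logs."""
    return (ioc.replace("[.]", ".")
               .replace("hxxps://", "https://")
               .replace("hxxp://", "http://"))


def classify(url: str, indicator: str):
    """Return 'match' for the exact indicator, 'review' for other Telegram hosts, else None."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host + parsed.path == indicator:
        return "match"
    if host in TELEGRAM_HOSTS:
        return "review"
    return None


def hunt(lines, defanged: str = DEFANGED_INDICATOR):
    """Scan log lines; return (client, url, verdict) tuples for anything Telegram-related."""
    indicator = refang(defanged)
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        verdict = classify(m["url"], indicator)
        if verdict:
            hits.append((m["client"], m["url"], verdict))
    return hits


if __name__ == "__main__":
    for client, url, verdict in hunt(SAMPLE_LOGS):
        print(f"{verdict:6} {client:10} {url}")
```

Exact matches are the only hits that correspond to the published IOC; the "review" entries reflect the broader guidance above and still need corroboration before any blocking decision.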
