## MD5

```
f8df6cf748cc3cf7c05ab18e798b3e91,md5, info Stealer Implants,,,
ef8c77dc451f6c783d2c4ddb726de111,md5, info Stealer Implants,,,
de26f488328ea0436199c5f728ecd82a,md5, info Stealer Implants,,,
d4b75a8318befdb1474328a92f0fc79d,md5, info Stealer Implants,,,
ba40c097e9d06130f366b86deb4a8124,md5, info Stealer Implants,,,
b0844bb9a6b026569f9baf26a40c36f3,md5, info Stealer Implants,,,
89052678dc147a01f3db76febf8441e4,md5, info Stealer Implants,,,
842f8064a81eb5fc8828580a08d9b044,md5, info Stealer Implants,,,
7c527c6607cc1bfa55ac0203bf395939,md5, info Stealer Implants,,,
75fd9018433f5cbd2a4422d1f09b224e,md5, info Stealer Implants,,,
729c24cc6a49fb635601eb88824aa276,md5, info Stealer Implants,,,
69f6dcdb3d87392f300e9052de99d7ce,md5, info Stealer Implants,,,
5e17d1a077f86f7ae4895a312176eba6,md5, info Stealer Implants,,,
373ebf513d0838e1b8c3ce2028c3e673,md5, info Stealer Implants,,,
351260c2873645e314a889170c7a7750,md5, info Stealer Implants,,,
23ce22596f1c7d6db171753c1d2612fe,md5, info Stealer Implants,,,
0c03efd969f6d9e6517c300f8fd92921,md5, info Stealer Implants,,,
277acb857f1587221fc752f19be27187,md5, info Stealer Implants,,,
faa47ecbcc846bf182e4ecf3f190a9f4,md5, info Stealer Payload,,,
d8c6199b414bdf298b6a774e60515ba5,md5, info Stealer Payload,,,
9d3337f0e95ece531909e4c8d9f1cc55,md5, info Stealer Payload,,,
6bd84dfb987f9c40098d12e3959994bc,md5, info Stealer Payload,,,
6396908315d9147de3dff98ab1ee4cbe,md5, info Stealer Payload,,,
1e210fcc47eda459998c9a74c30f394e,md5, info Stealer Payload,,,
fe0438938eef75e090a38d8b17687357,md5, info Stealer Payload,,,
e0f8d7ec2be638fbf3ddf8077e775b2d,md5, info Stealer Bait File,,,
cdd4cfac3ffe891eac5fb913076c4c40,md5, info Stealer Bait File,,,
b57b13e9883bbee7712e52616883d437,md5, info Stealer Bait File,,,
a3f4e422aecd0547692d172000e4b9b9,md5, info Stealer Bait File,,,
9871272af8b06b484f0529c10350a910,md5, info Stealer Bait File,,,
97b19d9709ed3b849d7628e2c31cdfc4,md5, info Stealer Bait File,,,
8e960334c786280e962db6475e0473ab,md5, info Stealer Bait File,,,
76e7cbab1955faa81ba0dda824ebb31d,md5, info Stealer Bait File,,,
7140dbd0ca6ef09c74188a41389b0799,md5, info Stealer Bait File,,,
5c3394e37c3d1208e499abe56e4ec7eb,md5, info Stealer Bait File,,,
47765d12f259325af8acda48b1cbad48,md5, info Stealer Bait File,,,
3e6cf927c0115f76ccf507d2f5913e02,md5, info Stealer Bait File,,,
32da6c4a44973a5847c4a969950fa4c4,md5, info Stealer Bait File,,,
fea50d3bb695f6ccc5ca13834cdfe298,md5, Lumma Stealer,,,
83ae58dd03f33d1fae6771e859200be6,md5, Lumma Stealer,,,
7b1f43deed8fc7e35f8394548e12dd81,md5, Lumma Stealer,,,
c39f64a31e9f15338f83411bb9fc0942,md5, Lumma Stealer,,,
b832096cf669ff4d66e04b252cb1a1dc,md5, Lumma Stealer,,,
d6ea5dcdb2f88a65399f87809f43f83c,md5, erefgojgbu - CRYPTBOT,,,
307f40ebc6d8a207455c96d34759f1f3,md5, L2.zip - CRYPTBOT,,,
d8e21ac76b228ec144217d1e85df2693,md5, Sеtup.exe - CRYPTBOT,,,
43939986a671821203bf9b6ba52a51b4,md5, oqnhustu - LUMMAC.V2,,,
58c4ba9385139785e9700898cb097538,md5, WebView2Loader.dll - LUMMAC.V2,,,
95361f5f264e58d6ca4538e7b436ab67,md5, Downloader - PEAKLIGHT,,,
b716a1d24c05c6adee11ca7388b728d3,md5, Downloader - PEAKLIGHT,,,
b15bac961f62448c872e1dc6d3931016,md5, Aaaa.exe - SHADOWLADDER,,,
e7c43dc3ec4360374043b872f934ec9e,md5, bentonite.cfg - SHADOWLADDER,,,
f98e0d9599d40ed032ff16de242987ca,md5, cymophane.doc - SHADOWLADDER,,,
b6b8164feca728db02e6b636162a2960,md5, K1.zip - SHADOWLADDER,,,
bb9641e3035ae8c0ab6117ecc82b65a1,md5, K1.zip - SHADOWLADDER,,,
236c709bbcb92aa30b7e67705ef7f55a,md5, K2.zip - SHADOWLADDER,,,
d7aff07e7cd20a5419f2411f6330f530,md5, K2.zip - SHADOWLADDER,,,
a6c4d2072961e9a8c98712c46be588f8,md5, L1.zip - SHADOWLADDER,,,
059d94e8944eca4056e92d60f7044f14,md5, LiteSkinUtils.dll - SHADOWLADDER,,,
dfdc331e575dae6660d6ed3c03d214bd,md5, toughie.txt - SHADOWLADDER,,,
47eee41b822d953c47434377006e01fe,md5, WCLDll.dll - SHADOWLADDER,,,
```

## SHA256

```
b6a016ef240d94f86e20339c0093a8fa377767094276730acd96d878e0e1d624, sha256, Malware, PS, medium
cc29f33c1450e19b9632ec768ad4c8c6adbf35adaa3e1de5e19b2213d5cc9a54, sha256, Malware, PS, medium
632816db4e3642c8f0950250180dfffe3d37dca7219492f9557faf0ed78ced7c, sha256, Malware, ZIP, medium
19d04a09e2b691f4fb3c2111d308dcfa2651328dfddef701d86c726dce4a334a, sha256, Malware, ZIP, medium
d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207, sha256, Malware, EXE, medium
bbf7154f14d736f0c8491fb9fb44d2f179cdb02d34ab54c04466fa0702ea7d55, sha256, Malware, EXE, medium
fa58022d69ca123cbc1bef13467d6853b2d55b12563afdbb81fc64b0d8a1d511, sha256, Malware, HTA, medium
ed062c189419bca7d8c816bcdb1a150c7ca7dd1ad6e30e1f46fae0c10ab062ef, sha256, AntiSpam.exe, nan, medium
d512bf205fb9d1c429a7f11f3b720c74680ea88b62dda83372be8f0de1073a08, sha256, AntiSpam.exe, nan, medium
dc5c9310a2e6297caa4304002cdfb6fbf7d6384ddbd58574f77a411f936fab0b, sha256, AntiSpam.exe, nan, medium
24b6ddd3028c28d0a13da0354333d19cbc8fd12d4351f083c8cb3a93ec3ae793, sha256, , nan, medium
9c1e0c8c5b9b9fe9d0aa533fb7d9d1b57db98fd70c4f66a26a3ed9e06ac132a7, sha256, , nan, medium
ac22ab152ed2e4e7b4cd1fc3025b58cbcd8d3d3ae3dbc447223dd4eabb17c45c, sha256, update6.exe Used, nan, medium
ab1f101f6cd7c0cffc65df720b92bc8272f82a1e13f207dff21caaff7675029f, sha256, update7.exe, nan, medium
9ED2B4D88B263F5078003EF35654ED5C205AC2F2C0E9225D4CDB4C24A5EA9AF2, sha256, update8.exe, nan, medium
ab3daec39332ddeeba64a2f1916e6336a36ffcc751554954511121bd699b0caa, sha256, atiumdag.dll, nan, medium
7d96ec8b72015515c4e0b5a1ae6c799801cf7b86861ade0298a372c7ced5fd93, sha256, Log.dll., nan, medium
9dc809b2e5fbf38fa01530609ca7b608e2e61bd713145f84cf22c68809aec372, sha256, proxy, nan, medium
fb4fa180a0eee68c06c85e1e755f423a64aa92a3ec6cf76912606ac253973506, sha256, , PS, medium
fcf59559731574c845e42cd414359067e73fca108878af3ace99df779d48cbc3, sha256, , nan, medium
949faad2c2401eb854b9c32a6bb6e514ad075e5cbe96154c172f5f6628af43ed, sha256, , nan, medium
b92cf617a952f0dd2c011d30d8532d895c0cfbfd9556f7595f5b220e99d14d64, sha256, update2.dll , nan, medium
cff5c6694d8925a12ce13a85e969bd468e28313af2fb46797bdcf77092012732, sha256, APEXScan.exe , nan, medium
cb03b206d63be966ddffa7a2115ea99f9fec50d351dce03dff1240bb073b5b50, sha256, unnamed , nan, medium
ccaa8c8b39cb4a4de4944200936bcd4796367c16421a89e6a7d5476ae2da78cd, sha256, update1.exe , nan, medium
1ade6a15ebcbe8cb9bda1e232d7e4111b808fd4128e0d5db15bfafafc3ec7b8e, sha256, update4.exe , nan, medium
ce1f44a677d9b7d1d62373175f5583d9e8c04e16ebd94656e21aa296e00e93d7, sha256, lu2.exe , nan, medium
```

## IPs

```
77.73.134.68,ip_address, Lumma Stealer
144.76.173.247,ip_address, Lumma Stealer
157.90.248.179,ip_address, Lumma Stealer
213.252.244.62,ip_address, Lumma Stealer
45.155.249.97,ip_address, Cobalt Strike C2 IP address
77.238.224.56,ip_address, C2 address
77.238.229.63,ip_address, C2 address
77.238.250.123,ip_address, C2 address
77.238.245.233,ip_address,C2 address
91.142.74.28,ip_address,C2 address
191.142.74.28,ip_address,C2 address
195.2.70.38,ip_address,C2 address
37.221.126.202,ip_address,C2 address used by the threat actor to connect via Anydesk
91.196.70.160,ip_address, Socks proxy server
217.15.175.191,ip_address, SystemBC C2 IP address
```

## Domains

```
testdomain123123.shop, domain, maliciousmd5, infoStealers
savefrom.net, domain,streamingmd5, infoStealers
unblocked.watch, domain,streamingmd5, infoStealers
mp3fromlink.com, domain,streamingmd5, infoStealers
hisotv.com, domain,streamingmd5, infoStealers
www.portalmovies.com.ar, domain,streamingmd5, infoStealers
sfrom.net, domain,streamingmd5, infoStealers
tagalogdubbed.com, domain,streamingmd5, infoStealers
www.youtubepp.com, domain,streamingmd5, infoStealers
ssyoutube.com, domain,streamingmd5, infoStealers
www.y2mate.com, domain,streamingmd5, infoStealers
Multicanais.love, domain,streamingmd5, infoStealers
averageorganicfallfaw.shop, domain, Command Servers -md5, infoStealers
distincttangyflippan.shop, domain, Command Servers -md5, infoStealers
macabrecondfucews.shop, domain, Command Servers -md5, infoStealers
greentastellesqwm.shop, domain, Command Servers -md5, infoStealers
stickyyummyskiwffe.shop, domain, Command Servers -md5, infoStealers
sturdyregularrmsnhw.shop, domain, Command Servers -md5, infoStealers
lamentablegapingkwaq.shop, domain, Command Servers -md5, infoStealers
Innerverdanytiresw.shop, domain, Command Servers -md5, infoStealers
standingcomperewhitwo.shop, domain, Command Servers -md5, infoStealers
uniedpureevenywjk.shop, domain, samples -md5, infoStealers
spotlessimminentys.shop, domain, samples -md5, infoStealers
specialadventurousw.shop, domain, samples -md5, infoStealers
stronggemateraislw.shop, domain, samples -md5, infoStealers
willingyhollowsk.shop, domain, samples -md5, infoStealers
handsomelydicrwop.shop, domain, samples -md5, infoStealers
softcallousdmykw.shop, domain, samples -md5, infoStealers
celebratioopz.shop, domain, Lumma Stealer, infoStealers
writerospzm.shop, domain, Lumma Stealer, infoStealers
deallerospfosu.shop, domain, Lumma Stealer, infoStealers
bassizcellskz.shop, domain, Lumma Stealer, infoStealers
mennyudosirso.shop, domain, Lumma Stealer, infoStealers
languagedscie.shop, domain, Lumma Stealer, infoStealers
complaintsipzzx.shop, domain, Lumma Stealer, infoStealers
quialitsuzoxm.shop, domain, Lumma Stealer, infoStealers
relaxtionflouwerwi.shop, domain, LUMMAC.V2 C2s, infoStealers
deprivedrinkyfaiir.shop, domain, LUMMAC.V2 C2s, infoStealers
detailbaconroollyws.shop, domain, LUMMAC.V2 C2s, infoStealers
messtimetabledkolvk.shop, domain, LUMMAC.V2 C2s, infoStealers
considerrycurrentyws.shop, domain, LUMMAC.V2 C2s, infoStealers
understanndtytonyguw.shop, domain, LUMMAC.V2 C2s, infoStealers
patternapplauderw.shop, domain, LUMMAC.V2 C2s, infoStealers
horsedwollfedrwos.shop, domain, LUMMAC.V2 C2s, infoStealers
tropicalironexpressiw.shop, domain, LUMMAC.V2 C2s, infoStealers
falseaudiencekd.shop, domain,Lumma C2 domain, infoStealers
feighminoritsjda.shop, domain,Lumma C2 domain, infoStealers
justifycanddidatewd.shop, domain,Lumma C2 domain, infoStealers
marathonbeedksow.shop, domain,Lumma C2 domain, infoStealers
pleasurenarrowsdla.shop, domain,Lumma C2 domain, infoStealers
raiseboltskdlwpow.shop, domain,Lumma C2 domain, infoStealers
richardflorespoew.shop, domain,Lumma C2 domain, infoStealers
strwawrunnygjwu.shop, domain,Lumma C2 domain, infoStealers
https://ch3.dlvideosfre.click/human-verify-system.html, domain, Lumma Stealer, infoStealers
https://verif.dlvideosfre.click/2ndhsoru, domain, Lumma Stealer, infoStealers
https://verif.dlvideosfre.click/K1.zip, domain, Lumma Stealer, infoStealers
https://verif.dlvideosfre.click/K2.zip, domain, Lumma Stealer, infoStealers
https://verif.dlvideosfre.click, domain, Lumma Stealer, infoStealers
Ofsetvideofre.click/, domain, Fake Captcha Websites, infoStealers
Newvideozones.click/veri.html, domain, Fake Captcha Websites, infoStealers
Clickthistogo.com/go/67fe87ca-a2d4-48ae-9352-c5453156df67?var_3=F60A0050-6F56-11EF-AA98-FFC33B7D3D59, domain, Fake Captcha Websites, infoStealers
Downloadstep.com/go/08a742f2-0a36-4a00-a979-885700e3028c, domain, Fake Captcha Websites, infoStealers
Betterdirectit.com/, domain, Fake Captcha Websites, infoStealers
Betterdirectit.com/go/67fe87ca-a2d4-48ae-9352-c5453156df67, domain, Fake Captcha Websites, infoStealers
heroic-genie-2b372e.netlify.app/please-verify-z.html, domain, Fake Captcha Websites, infoStealers
Downloadstep.com/go/79553157-f8b8-440b-ae81-0d81d8fa17c4, domain, Fake Captcha Websites, infoStealers
Downloadsbeta.com/go/08a742f2-0a36-4a00-a979-885700e3028c, domain, Fake Captcha Websites, infoStealers
Streamingsplays.com/go/6754805d-41c5-46b7-929f-6655b02fce2c, domain, Fake Captcha Websites, infoStealers
Streamingsplays.com/go/b11f973d-01d4-4a5b-8af3-139daaa5443f, domain, Fake Captcha Websites, infoStealers
Streamingszone.com/go/b3ddd860-89c0-448c-937d-acf02f7a766f?c=AOsl62afSQUAEX4CAEJPFwASAAAAAABQ, domain, Fake Captcha Websites, infoStealers
Streamingsplays.com/go/1c406539-b787-4493-a61b-f4ea31ffbd56, domain, Fake Captcha Websites, infoStealers
github-scanner.shop/, domain, Fake Captcha Websites, infoStealers
github-scanner.com/, domain, Fake Captcha Websites, infoStealers
botcheck.b-cdn.net/captcha-verify-v7.html, domain, Fake Captcha Websites, infoStealers
Rungamepc.ru/?load=Black-Myth-Wukong-crack, domain, Redirectingmd5, infoStealers
game02-com.ru/?load=Cities-Skylines-2-Crack-Setup, domain, Redirectingmd5, infoStealers
Rungamepc.ru/?load=Dragons-Dogma-2-Crack, domain, Redirectingmd5, infoStealers
Rungamepc.ru/?load=Dying-Light-2-Crack, domain, Redirectingmd5, infoStealers
Rungamepc.ru/?load=Monster-Hunter-Rise-Crack, domain, Redirectingmd5, infoStealers
Runkit.com/wukong/black-myth-wukong-crack-pc, domain, Websites Containing Malicious URLsmd5, infoStealers
Runkit.com/skylinespc/cities-skylines-ii-crack-pc-full-setup, domain, Websites Containing Malicious URLsmd5, infoStealers
Runkit.com/masterposte/dying-light-2-crack-on-pc-denuvo-fix, domain, Websites Containing Malicious URLsmd5, infoStealers
Runkit.com/dz4583276/monster-hunter-rise-crack-codex-pc/1.0.0/clone, domain, Websites Containing Malicious URLsmd5, infoStealers
Groups.google.com/g/hogwarts-legacy-crack-empress, domain, Websites Containing Malicious URLsmd5, infoStealers
By.tribuna.com/extreme/blogs/3143511-black-myth-wukong-full-unlock/, domain, Websites Containing Malicious URLsmd5, infoStealers
https://human-check.b-cdn.net/verify-captcha-v7.html, domain, Lumma Stealer CAPTCHA, infoStealers
https://poko.b-cdn.net/poko, domain,Lumma Stealer Mshta, infoStealers
https://fatodex.b-cdn.net/fatodex, domain, PEAKLIGHT NBIsmd5, infoStealers
https://matodown.b-cdn.net/matodown, domain, PEAKLIGHT NBIsmd5, infoStealers
https://potexo.b-cdn.net/potexo, domain, PEAKLIGHT NBIsmd5, infoStealers
hxxp://gceight8vt.top/upload.php, domain,CRYPTBOT C2s, infoStealers
https://brewdogebar.com/code.vue, domain,CRYPTBOT C2s, infoStealers
hxxp://62.133.61.56/Downloads/Full%20Video%20HD%20(1080p).lnk, domain,SHADOWLADDER, infoStealers
https://fatodex.b-cdn.net/K1.zip, domain,SHADOWLADDER, infoStealers
https://fatodex.b-cdn.net/K2.zip, domain,SHADOWLADDER, infoStealers
https://forikabrof.click/flkhfaiouwrqkhfasdrhfsa.png, domain,SHADOWLADDER, infoStealers
https://matodown.b-cdn.net/K1.zip, domain,SHADOWLADDER, infoStealers
https://matodown.b-cdn.net/K2.zip, domain,SHADOWLADDER, infoStealers
https://nextomax.b-cdn.net/L1.zip, domain,SHADOWLADDER, infoStealers
https://nextomax.b-cdn.net/L2.zip, domain,SHADOWLADDER, infoStealers
https://potexo.b-cdn.net/K1.zip, domain,SHADOWLADDER, infoStealers
https://potexo.b-cdn.net/K2.zip, domain,SHADOWLADDER, infoStealers
spamicrosoft.com, domain,Used to make external Microsoft Teams calls after email bombing users., infoStealers
halagifts.com, domain,SystemBC C2 domain, infoStealers
preservedmoment.com, domain,Cobalt Strike domain, infoStealers
```

Sources: [1] [2] [3] [4] [5] [6]

[1]: https://securelist.com/angry-likho-apt-attacks-with-lumma-stealer/115663/
[2]: https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/
[3]: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/behind-the-captcha-a-clever-gateway-of-malware/
[4]: https://denwp.com/dissecting-lumma-malware/
[5]: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/
[6]: https://www.rapid7.com/blog/post/2024/08/12/ongoing-social-engineering-campaign-refreshes-payloads/