IOC Radar
Domain · Medium · Signal 64/100

cabbagepattof.net

Location: United States
First Seen: Feb 1, 2025 (509d ago)
Last Seen: Apr 20, 2026 (66d ago)
Reports: 12 source reports
Confidence: 64% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: Domain Name (malicious domain used for C2, phishing, or malware distribution)
MISP Category: Network Activity
Confidence: 64%
Signal Score: 64 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 47 techniques

Feed Intelligence Summary

Source reports: 12
Confidence score: 64%
Category tags: abuse, active scan, apt, bad reputation, bitsight trace, botnet, botnet activity, browser data theft, brute force, c2, c2 communication, command & control, command and control, cookie stealing, credential access, credential harvesting, credential stealer, credential stealer activity, credential stealing, credential stuffing, credential theft, cryptocurrency, cryptocurrency theft, data encryption, data exfiltration, data store exposure, data theft, distributed attacks, encryption, exfiltration, exploitation activity, extortion, identity & access exploitation, indicator, information stealer, information stealer activity, infostealer, infrastructure acquisitionreconnaissance, infrastructure takedown, ingress tool transfer, injection activity, ioc, lumma, lumma stealer, lummac, lummac2, lummac2 iocs, maas, malicious software, malvertising, malware, malware distribution, malware-as-a-service, manual, meta, metadata analysis, mfa token theft, multi-tiered c2, network, north america, operating system, password stealing, password theft, phishing, phishing attack, phishing campaigns, process injection, ransomware, redline, remote services, researched, russian threat actor, service, shamel, social engineering, social media security, steam, steam profile, system disruption, t1003, t1003.001, t1005, t1016, t1021, t1021.001, t1027, t1027.001, t1027.002, t1027.003, t1036, t1041, t1055, t1056, t1056.001, t1059, t1059.005, t1069.001, t1071, t1071.001, t1078, t1081, t1102, t1105, t1113, t1115, t1189, t1204, t1204.002, t1486, t1490, t1496, t1499.002, t1499.003, t1539, t1555, t1555.003, t1555.004, t1565, t1566, t1566.001, t1566.002, t1566.003, t1571, t1573, t1587.001, t1590.001, threat actor, tor node, trojan malware, trojanized software, united states, win32 malware, windows, windows malware

Activity Timeline

1 total obs (Apr 20)

Threat Activity Heatmap

Peak: 2026-04-20
Observations by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain cabbagepattof.net has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats originating from the United States. First observed on February

Threat Score: Medium Risk
Signal Score: 64
Confidence: 64%
Reports: 12
First seen: Feb 1, 2025
Last seen: Apr 20, 2026

VirusTotal: Not checked

WHOIS

description
A coordinated international operation led by Microsoft’s Digital Crimes Unit (DCU), the U.S. Department of Justice (DOJ), Europol, and partners has dismantled the infrastructure of Lumma Stealer, a notorious Malware-as-a-Service (MaaS) platform linked to over 10 million infections and 1.7 million confirmed attacks globally. The action, announced in May 2025, resulted in the seizure of 2,300 malicious domains, sinkholing of traffic to Microsoft-controlled servers, and the suspension of Lumma’s Telegram-based affiliate marketplace, crippling its ability to steal sensitive data like passwords, cryptocurrency wallets, and MFA tokens 311. Lumma, developed by Russian threat actor "Shamel," operated under a subscription model ($250–$20,000) and was distributed via phishing campaigns, malvertising, and trojanized software. Its evasion tactics—such as abuse of legitimate cloud services, encrypted C2 communications, and geofenced payloads—made it a preferred tool for ransomware affiliates and credential harvesters.
domain rank: -1

raw
Administrative city: Redmond
Administrative country: United States
Administrative email: [email protected]
Administrative state: WA
Create date: 2025-05-16 00:00:00
Domain name: cabbagepattof.net
Domain registrar id: 292
Domain registrar url: http://www.markmonitor.com
Expiry date: 2026-05-16 00:00:00
Query time: 2025-05-19 13:56:43
Registrant city: b6b1ba5f05367788
Registrant company: 628983377a05fb4c
Registrant country: United States
Registrant email: [email protected]
Registrant fax: 6c39824943df5520
Registrant name: b70d6f5829d804ce
Registrant phone: 1ad2654c255d0dcb
Registrant state: 163b5dbd6196f461
Registrant zip: 2908382a58eb4969
Technical city: Redmond
Technical country: United States
Technical email: [email protected]
Technical state: WA
Update date: 2025-05-17 00:00:00

references
https://www.bitsight.com/blog/lumma-stealer-is-out-of-business
https://www.virustotal.com/graph/g9155e32765e8465eb4c422d9abc5dcc8c830fa9dc83e40a99c0b1c6fb56e098c
https://threatfox.abuse.ch/export/csv/recent/
https://raw.githubusercontent.com/bitsight-research/threat_research/refs/heads/main/lumma/lumma_iocs.csv

subdomains count: 0

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 12 threat reports