IOC Radar
DomainMediumSignal 64/100

lightdeerysua.biz

Location
United StatesUnited States
First Seen
Jan 22, 2025
Last Seen
Jun 7, 2026
Jan 22
First Seen
509d ago
Jun 7
Last Seen
7d ago
17
Reports
source reports
64%
Confidence
medium
20/91
VirusTotal
detections
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

53 techniques

Feed Intelligence Summary

17 reports64% confidence
17
Source reports
64%
Confidence score
Category tags
abuseactive scanactive scanningahnlab securityanydeskaptattackautoitautoit scriptbad reputationbitsight traceblocklistbotnetbotnet activitybrowser data theftbrute forcec2c2 communicationcaptchacastle loadercastleloadercommand & controlcommand and controlcookie stealingcredential accesscredential harvestingcredential stealercredential stealer activitycredential stuffingcredential theftcryptocryptocurrencycryptocurrency theftdata exfiltrationdata store exposuredata theftdestroylist_phishingdetected malicious activitydiscorddistributed attacksdomaindrainerexfiltrationexodusexploit deliveryexploitation activityfigurefin scanfraudftp brute forcefuturehashmd5http attackhttp brute forceidentity & access exploitationindicatorinformation stealerinformation stealer activityinfostealerinfrastructure acquisitionreconnaissanceinfrastructure takedowningress tool transferinjection activityinsiktiocloader filelummalumma domainlumma iplumma stealerlummaclummac2lummac2 iocslummac2 malwarelummastealermaasmalicious activitymalicious linksmalicious softwaremalvertisingmalwaremalware distributionmalware-as-a-servicemetametadata analysismfa token theftmulti-tiered c2mzpenetworknetwork scanningnorth americansisnull scanoperating systempassword stealingpassword theftphishingphishing attackphishing campaignspowershellprocess injectionpythonransomwarereconnaissanceredlineremote accessremote servicesresearchedrugmirunnerrussian threat actorscamscams & fraudselfextractorserviceservice scanshamelsocial engineeringsocial media securityssh attacksteamsteam profilesyn scant1003t1003.001t1005t1021t1021.001t1027t1027.001t1027.002t1027.003t1041t1046t1055t1056t1056.001t1059t1059.005t1069.001t1071t1071.001t1076t1078t1081t1102t1105t1110t1110.002t1113t1115t1189t1190t1204t1204.001t1204.002t1486t1496t1499.002t1499.003t1539t1555t1555.003t1555.004t1563t1565t1566t1566.001t1566.002t1566.003t1587.001t1590.001t1595t1595.001t1595.002t1595.003threat actortor nodetotal commandertrojan malwaretrojanized softwareudp port scanunited statesvba scriptweb securitywindowswscript loaderxmas scan

Activity Timeline

1 total obs
Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **lightdeerysua.biz** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnets, command and control (C

Threat ScoreMedium Risk
64
SIGNAL
Signal Score
64%
Confidence
17
Reports
First seenJan 22, 2025
Last seenJun 7, 2026

VirusTotal

20/ 91vendors flagged
22% detection rateJun 8, 2026

WHOIS

description
Real-time feed of phishing, crypto drainer, and scam domains detected by PhishDestroy (phishdestroy.io). Updated hourly. 108K+ domains tracked, 55K+ currently active. Source: github.com/phishdestroy/destroylist
domain rank
-1
raw
Administrative city: REDACTED FOR PRIVACY Administrative country: REDACTED FOR PRIVACY Administrative state: REDACTED FOR PRIVACY Create date: 2025-01-11 00:00:00 Domain name: lightdeerysua.biz Domain registrar id: 472 Domain registrar url: https://www.dynadot.com/ Expiry date: 2026-01-11 00:00:00 Name server 1: ns1.dyna-ns.net Name server 2: ns2.dyna-ns.net Query time: 2025-01-12 13:26:18 Registrant city: 1f8f4166599d23ee Registrant company: 473daf17453d83cd Registrant country: United States Registrant email: 29e2c061f3c9524es@ Registrant fax: 1f8f4166599d23ee Registrant name: 1f8f4166599d23ee Registrant phone: 1f8f4166599d23ee Registrant state: 77ab92f1911d7c5f Registrant zip: 1f8f4166599d23ee Technical city: REDACTED FOR PRIVACY Technical country: REDACTED FOR PRIVACY Technical state: REDACTED FOR PRIVACY Update date: 2025-01-11 00:00:00
references
https://www.bitsight.com/blog/lumma-stealer-is-out-of-business, https://www.virustotal.com/graph/g9155e32765e8465eb4c422d9abc5dcc8c830fa9dc83e40a99c0b1c6fb56e098c, https://threatfox.abuse.ch/export/csv/recent/, https://raw.githubusercontent.com/bitsight-research/threat_research/refs/heads/main/lumma/lumma_iocs.csv, https://asec.ahnlab.com/en/86435/
subdomains count
14

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 7 days ago
Appeared in 17 threat reports