IOC Radar
Domain · Medium · Signal 73/100

possiwreeste.site

Location
United States
First Seen
Sep 29, 2024 (621d ago)
Last Seen
Jun 5, 2026 (7d ago)
Reports: 12 (source reports)
Confidence: 73% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: Domain Name (malicious domain used for C2, phishing, or malware distribution)
MISP Category: Network Activity
Confidence: 73%
Signal Score: 73 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 28 techniques (listed with the category tags below)

Feed Intelligence Summary

12 source reports · 73% confidence score
Category tags
abuse, attack, bitsight trace, block-or-filter-list, botnet, c2, c2 communication, cisa, command and control, credential harvesting, credential theft, cryptocurrency theft, data exfiltration, data theft, distributed attacks, indicator, infostealer, ingress tool transfer, ioc, lumma, lumma stealer, lummac2, lummac2 iocs, maas, malicious activity, malicious software, malvertising, malware, malware: lumma stealer, metadata analysis, mfa token theft, network, north america, operating system, password theft, phishing, phishing attack, phishing campaigns, process injection, redline, researched, russian threat actor, service, shamel, social engineering, social media security, steam, steam profile, t1021.001, t1027, t1041, t1055, t1059, t1059.005, t1069.001, t1071, t1071.001, t1078, t1102, t1105, t1189, t1204, t1204.002, t1486, t1496, t1499.002, t1499.003, t1539, t1555, t1555.003, t1555.004, t1565, t1566, t1566.001, t1566.002, t1566.003, threat actor, trojan malware, trojanized software, united states

Activity Timeline

1 total observation (Jun 5)

Threat Activity Heatmap

Daily observation calendar, Jun 2025 to Jun 2026 (Mon/Wed/Fri rows) · Peak: 2026-06-05

Last 24h: 0 (Dormant)
Last 7d: 0 (Dormant)
Last 30d: 1 (Minimal)
Last 3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 73
Confidence: 73%
Reports: 12
First seen: Sep 29, 2024
Last seen: Jun 5, 2026

VirusTotal

Not checked

WHOIS

Description
A coordinated international operation led by Microsoft's Digital Crimes Unit (DCU), the U.S. Department of Justice (DOJ), Europol, and partners has dismantled the infrastructure of Lumma Stealer, a notorious Malware-as-a-Service (MaaS) platform linked to over 10 million infections and 1.7 million confirmed attacks globally. The action, announced in May 2025, resulted in the seizure of 2,300 malicious domains, sinkholing of traffic to Microsoft-controlled servers, and the suspension of Lumma's Telegram-based affiliate marketplace, crippling its ability to steal sensitive data such as passwords, cryptocurrency wallets, and MFA tokens. Lumma, developed by the Russian threat actor "Shamel," operated under a subscription model ($250 to $20,000) and was distributed via phishing campaigns, malvertising, and trojanized software. Its evasion tactics, such as abuse of legitimate cloud services, encrypted C2 communications, and geofenced payloads, made it a preferred tool for ransomware affiliates and credential harvesters.
Domain rank: -1
Subdomains count: 0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink
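The STIX 2.1 bundle above is a download from the site. For readers who want to see what an equivalent object looks like, the following added example (not IOC Radar's own export or API code) builds a STIX 2.1 Indicator bundle from the fields shown on this record with nothing but the Python standard library, pulls the 28 ATT&CK technique IDs out of the run-together tag string, and then runs the indicator against a few constructed DNS resolver log lines. The domain, dates, confidence, report count and technique tags are copied from the page; the bundle layout, the labels, the log format and the log lines are assumptions made for the example.

```python
"""Turn the IOC Radar record for possiwreeste.site into a STIX 2.1 Indicator
bundle and check it against DNS query logs.  Added example for this page,
not IOC Radar's own export or API code; standard library only, runs offline."""
import json
import re
import uuid
from datetime import datetime, timezone

# Values copied from the record on this page.
IOC = {
    "domain": "possiwreeste.site",
    "first_seen": "2024-09-29",
    "last_seen": "2026-06-05",
    "confidence": 73,      # IOC Radar's heuristic score, 0-100
    "reports": 12,
}

# The ATT&CK portion of the page's category-tag string, reproduced as it
# appears there (tags run together with no separator).
TECHNIQUE_TAGS = (
    "t1021.001t1027t1041t1055t1059t1059.005t1069.001t1071t1071.001t1078"
    "t1102t1105t1189t1204t1204.002t1486t1496t1499.002t1499.003t1539t1555"
    "t1555.003t1555.004t1565t1566t1566.001t1566.002t1566.003"
)


def extract_techniques(tags):
    """Pull ATT&CK technique IDs out of a run-together tag string.
    A technique is 't' + 4 digits with an optional '.' + 3-digit sub-technique,
    so the regex splits 't1059t1059.005' into T1059 and T1059.005."""
    return [m.upper() for m in re.findall(r"t\d{4}(?:\.\d{3})?", tags)]


def stix_ts(date_str):
    """STIX 2.1 timestamps are RFC 3339 in UTC with millisecond precision."""
    d = datetime.strptime(date_str, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    return d.strftime("%Y-%m-%dT%H:%M:%S.000Z")


def build_bundle(ioc, techniques):
    """Build a STIX 2.1 bundle holding one Indicator for the domain.
    Label names and the bundle layout are this example's assumptions."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": now,
        "modified": now,
        "name": f"Malicious domain {ioc['domain']}",
        "indicator_types": ["malicious-activity"],
        # STIX pattern language; the single quotes are part of the syntax.
        "pattern": f"[domain-name:value = '{ioc['domain']}']",
        "pattern_type": "stix",
        "valid_from": stix_ts(ioc["first_seen"]),
        "confidence": ioc["confidence"],
        "labels": ["lumma-stealer", f"reports:{ioc['reports']}"],
        "external_references": [
            {"source_name": "mitre-attack", "external_id": t} for t in techniques
        ],
    }
    # A 2.1 bundle carries no spec_version of its own; only its objects do.
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [indicator]}


def bundle_json(bundle):
    """Serialise the bundle the way a feed consumer would receive it."""
    return json.dumps(bundle, indent=2)


# Constructed resolver log lines: timestamp, client IP, record type, name.
SAMPLE_DNS_LOG = """\
2026-06-05T10:14:03Z 10.0.0.12 A possiwreeste.site.
2026-06-05T10:14:04Z 10.0.0.12 A cdn.possiwreeste.site
2026-06-05T10:15:20Z 10.0.0.40 A notpossiwreeste.site
2026-06-05T10:16:00Z 10.0.0.55 AAAA POSSIWREESTE.SITE
2026-06-05T10:17:11Z 10.0.0.12 A possiwreeste.site.example.org
"""


def name_matches(qname, domain):
    """True if qname is the IOC domain or a subdomain of it.  Comparison is
    case-insensitive and ignores a trailing dot; a bare prefix match
    ('notpossiwreeste.site') or the domain buried inside a longer name
    ('possiwreeste.site.example.org') does not count."""
    q = qname.lower().rstrip(".")
    d = domain.lower().rstrip(".")
    return q == d or q.endswith("." + d)


def match_dns_log(log_text, domain):
    """Return (timestamp, client, qname) for every query hitting the IOC."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, _rtype, qname = parts
        if name_matches(qname, domain):
            hits.append((ts, client, qname))
    return hits


if __name__ == "__main__":
    techniques = extract_techniques(TECHNIQUE_TAGS)
    print(len(techniques), "techniques")  # 28, as the page states
    print(bundle_json(build_bundle(IOC, techniques))[:400])
    for hit in match_dns_log(SAMPLE_DNS_LOG, IOC["domain"]):
        print("HIT", *hit)
```

The matcher deliberately treats `notpossiwreeste.site` and `possiwreeste.site.example.org` as misses; a plain substring search would flag both, which is the kind of false positive the page's "verify before acting" note is warning about. The confidence value is carried into the STIX `confidence` field unchanged so a downstream consumer can apply its own threshold rather than inheriting this site's "medium" label.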

IOC Journey

medium
First detected 1 year ago · Last seen 7 days ago
Appeared in 12 threat reports