IOC Radar
Domain · Medium · Signal 71/100

stormlegue.com

Location: United States
First seen: Feb 13, 2025 (498 days before this page snapshot)
Last seen: Jun 12, 2026 (14 days before this page snapshot)
Reports: 19 source reports
Confidence: 71% (medium)
Found in 19 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Type: Domain Name (malicious domain used for C2, phishing, or malware distribution)
MISP Category: Network Activity
Confidence: 71%
Signal Score: 71 / 100
IDS Rule: No (the page ships no IDS signature for this indicator; matching has to be done against DNS or proxy logs, for example from the STIX or CSV export below)
Threat Context

MITRE ATT&CK TTPs: 91 techniques (IDs listed below the category tags)

Feed Intelligence Summary

19 reports, 71% confidence.

Category tags (aggregated from the 19 source reports; treat them as feed labels, not as attributes verified for this domain. The references below are all LummaC2 reporting, which is the association the cited sources directly support):

aa25-141b, abuse, active scan, active scanning, aerospace & defense, aes encryption, apt, atomic, attack, authentication abuse, bad reputation, bitcoin, bitsight trace, blockchain, bnb smart, bnb smart chain, botnet, botnet activity, browser credential theft, browser data theft, browser hijacking, brute force, c2, c2 checkin, c2 tracking, calls-wmi, cat-themed domains, cats, certchain, checks-bios, checks-user-input, cisa, cisa advisory, cloudflare pages, code injection, command & control, command and control, commodity contracts intermediation, communication protocol, communications networks, cookie theft, corrupt, credential access, credential harvesting, credential stealing, credential stuffing, credential theft, critical infrastructure, crypto exchange, crypto mining, crypto wallet, crypto wallet theft, cryptocurrency, cryptocurrency theft, cryptocurrency wallet theft, cta, cyber, data, data breach, data encryption, data exfiltration, data store exposure, data theft, ddos, decentralized finance, defense, defense contracting, defense logistics, defense systems, defense technology, denial of service, detect-debug-environment, digital currency, distributed attacks, emergency services, encryption, energy systems, enterprise security, enumeration, exploitation activity, extortion, fbi, fbi alert, financial systems, form grabbing, ftp, ftp brute force, generic, ghost, government facilities, gtig, hosting, http scanner, https, identity & access exploitation, indicator, information stealer, infostealer, infostealers, infostealing malware, infrastructure acquisition reconnaissance, infrastructure takedown, infrastructure tracking, ingress tool transfer, injection activity, input validation bypass, ioc, iocs, iocs sha256, iot security, justice, level, local, long-sleeps, lumma, lumma stealer, lummac, lummac.v2, lummac2, lummac2 infostealer campaign, lummac2 iocs, lummac2 malware, maas, main, main operator, malicious activity, malicious download, malicious software, malvertising, malware, malware campaign, malware distribution, malware family, malware-as-a-service, matrix, meta, metadata analysis, mfa token theft, military operations, mitre att, mobile threat, mozilla, mozilla firefox, multi-tiered c2, multiple protocols, nation-state activity, national security, network, network analysis, network attacks, network communication, network protocol, network scanning, north america, opcode, operating system, overlay, password attack, password theft, patch management, path, path traversal, peexe, phishing, phishing attack, phishing campaign, process injection, protect, ransomware, reconnaissance, redline, remote access, remote services, researched, risk scoring, scams & fraud, security operations, service, shamel, smart contract, smart contracts, social engineering, social media security, software vulnerabilities, ssh attack, stealer, steam, steam profile, strong, supply chain attack, system disruption, tablet, tcp protocol, threat, threat actor, threat defense, threat intelligence, tools, tor node, transportation networks, trojan malware, ttps, unc5142, unc5142 c2, unc5142 payload, united states, us department, vidar, vidar c2, vulnerability scan, water systems, web application attack, web application exploitation, web exploitation, web injection, web traffic, win32 malware, windows, windows malware

MITRE ATT&CK technique IDs (91):

T1003, T1005, T1012, T1016, T1016.001, T1021, T1021.001, T1027, T1027.003, T1027.004, T1033, T1036, T1040, T1041, T1046, T1053.005, T1055, T1059, T1059.001, T1059.003, T1059.005, T1059.007, T1069.001, T1071, T1071.001, T1076, T1078, T1078.001, T1082, T1083, T1102, T1102.001, T1102.002, T1104, T1105, T1106, T1110, T1110.001, T1110.002, T1113, T1115, T1119, T1140, T1189, T1190, T1204, T1204.001, T1204.002, T1217, T1218, T1486, T1490, T1496, T1499.002, T1499.003, T1531, T1539, T1546, T1547, T1547.001, T1553, T1553.002, T1555, T1555.003, T1560, T1563, T1565, T1566, T1566.001, T1566.002, T1566.003, T1568, T1571, T1573, T1573.001, T1583, T1583.001, T1584.001, T1586, T1586.001, T1587.001, T1588.006, T1589, T1590, T1590.001, T1595, T1595.001, T1595.002, T1595.003, T1608, T1608.001

Activity Timeline

1 total observation, on Jun 12 (2026). Note that this is a different counter from the 19 source reports above: the timeline records sightings logged on this page, so do not read it as the domain's full activity history.

Threat Activity Heatmap

Peak: 2026-06-12. The calendar grid (Jun through the following Jun, weekday rows Mon/Wed/Fri) shows a single active day; every other cell is empty.

Recent activity windows:
24h: 0 (dormant)
7d: 0 (dormant)
30d: 1 (minimal)
3mo: 1 (minimal)
Intelligence Summary (AI generated)

The domain **stormlegue.com** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnet activity, command and control (C

Threat Score: 71 (labelled High Risk in this panel; the page header labels the same 71/100 signal as medium, so the severity label is presentation, not an independent assessment)
Signal score 71, confidence 71%, 19 reports, first seen Feb 13, 2025, last seen Jun 12, 2026.

VirusTotal: Not checked

WHOIS

Domain rank: -1 (no rank recorded)

Raw record (queried 2025-07-26 21:09:06):
Domain name: stormlegue.com
Create date: 2024-06-03
Update date: 2025-07-25
Expiry date: 2026-06-03
Registrar id: 303 (whois.PublicDomainRegistry.com)
Name server 1: JULIAN.NS.CLOUDFLARE.COM
Name server 2: PHOENIX.NS.CLOUDFLARE.COM
Subdomains count: 0

Two caveats before pivoting on this record. The snapshot is from July 2025, and the expiry it shows (2026-06-03) falls before the Jun 12, 2026 sighting, so re-query WHOIS before relying on registration status. The name servers are Cloudflare's: if the domain was proxied, any resolved address is a Cloudflare edge rather than the operator's origin, which also limits what the "United States" location above tells you.

References (the DomainTools URL appears on the page twice, with and without a trailing slash, and is listed once here):
https://www.domaintools.com/resources/blog/tracking-lummac2-infrastructure-with-cats/
https://www.bitsight.com/blog/lumma-stealer-is-out-of-business
https://raw.githubusercontent.com/bitsight-research/threat_research/refs/heads/main/lumma/lumma_iocs.csv
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141b
https://www.cisa.gov/sites/default/files/2025-05/AA25-141B-Threat-Actors-Deploy-LummaC2-Malware-to-Exfiltrate-Sensitive-Data-from-Organizations.stix_.json
https://labs.inquest.net/iocdb
https://threatfox.abuse.ch/export/csv/recent/
https://x.com/K_N1kolenko/status/1891042285854282080
Aug1.pdf (file name only; the page gives no URL)

Export & API

STIX 2.1 bundle, CSV export.
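The page ships no IDS rule for this indicator, only STIX 2.1 and CSV exports, so the practical route is to carry the domain into a STIX indicator of your own and sweep resolver or proxy logs for it. The Python below is an added example written for this page, not IOC Radar's export code or any vendor's: the domain, first/last-seen dates and confidence are the page's values, the DNS log lines are constructed for the demonstration, and the object layout follows STIX 2.1 (indicator with a `stix` pattern, bundle without `spec_version`).

```python
"""Turn this page's IOC into a STIX 2.1 indicator and sweep DNS logs for it.

Added example, not code from IOC Radar or from any vendor cited on the page.
Domain, first/last seen and confidence are the values shown on the page;
the DNS log lines are constructed for the demonstration.
"""
import json
import re
import uuid
from datetime import datetime, timezone

IOC_DOMAIN = "stormlegue.com"
FIRST_SEEN = "2025-02-13T00:00:00.000Z"  # page: First seen Feb 13, 2025
LAST_SEEN = "2026-06-12T00:00:00.000Z"   # page: Last seen Jun 12, 2026
CONFIDENCE = 71                           # page: 71/100, heuristic


def _stix_now() -> str:
    # STIX 2.1 timestamps are UTC ISO 8601 with a literal trailing Z.
    return datetime.now(timezone.utc).isoformat(timespec="milliseconds").replace("+00:00", "Z")


def stix_domain_indicator(domain: str, first_seen: str, last_seen: str, confidence: int) -> dict:
    """Build a STIX 2.1 Indicator whose pattern matches the domain exactly.

    valid_from is the first sighting. The last sighting goes into the
    description rather than valid_until, because valid_until would assert
    the indicator has expired, which the page does not claim. confidence is
    the STIX 0-100 property and carries the page's heuristic score as-is.
    """
    # Backslash and single quote are the only characters that need escaping
    # inside a STIX string literal.
    escaped = domain.replace("\\", "\\\\").replace("'", "\\'")
    now = _stix_now()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": now,
        "modified": now,
        "name": f"Malicious domain {domain}",
        "description": f"Domain reported for C2/phishing/malware distribution. Last seen {last_seen}.",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[domain-name:value = '{escaped}']",
        "pattern_type": "stix",
        "pattern_version": "2.1",
        "valid_from": first_seen,
        "confidence": confidence,
    }


def stix_bundle(*objects: dict) -> dict:
    """Wrap SDOs in a STIX 2.1 Bundle (2.1 bundles carry no spec_version)."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objects)}


# Constructed resolver log lines (not from the page): client, qname, type, rcode.
SAMPLE_DNS_LOG = [
    "2026-06-12T09:14:03Z client=10.20.1.17 query=stormlegue.com. type=A rcode=NOERROR",
    "2026-06-12T09:14:05Z client=10.20.1.17 query=Cdn.StormLegue.com type=A rcode=NOERROR",
    "2026-06-12T09:15:00Z client=10.20.1.42 query=stormlegue.com.cdn.example. type=A rcode=NXDOMAIN",
    "2026-06-12T09:16:11Z client=10.20.1.42 query=notstormlegue.com type=A rcode=NOERROR",
    "2026-06-12T09:17:30Z client=10.20.1.99 query=www.example.org type=AAAA rcode=NOERROR",
]
LOG_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<qname>\S+)")


def normalize_name(name: str) -> str:
    """Canonical form for comparison: lower case, no trailing root dot."""
    return name.rstrip(".").lower()


def domain_matches(qname: str, ioc: str) -> bool:
    """True for the IOC itself and any subdomain of it; false for look-alikes
    such as notstormlegue.com or stormlegue.com.cdn.example (IOC as a prefix)."""
    q, i = normalize_name(qname), normalize_name(ioc)
    return q == i or q.endswith("." + i)


def sweep_dns_log(lines, ioc: str):
    """Return (client, normalized qname) for every log line that resolves the IOC."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and domain_matches(m.group("qname"), ioc):
            hits.append((m.group("client"), normalize_name(m.group("qname"))))
    return hits


if __name__ == "__main__":
    indicator = stix_domain_indicator(IOC_DOMAIN, FIRST_SEEN, LAST_SEEN, CONFIDENCE)
    print(json.dumps(stix_bundle(indicator), indent=2))
    for client, qname in sweep_dns_log(SAMPLE_DNS_LOG, IOC_DOMAIN):
        print(f"HIT client={client} qname={qname}")
```

Two of the five constructed lines hit (the bare domain with a trailing root dot, and a mixed-case subdomain); the line where the IOC appears only as a prefix of a longer name and the look-alike `notstormlegue.com` do not. The subdomain match is deliberate: the page records a subdomain count of 0 in its WHOIS snapshot, but a C2 domain on Cloudflare name servers can grow hosts at any time, and matching only the apex would miss them.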
