Angry Likho is an APT group that has been active since 2023, primarily targeting large organizations and government agencies in Russia and Belarus. Their attacks typically involve spear-phishing emails with malicious attachments, such as RAR archives, and utilize a known payload, the Lumma stealer, for data exfiltration. The group employs a compact infrastructure and has been linked to espionage activities, particularly in sectors like aviation and pharmaceuticals. Their operations have shown a focus on collecting sensitive information, including cryptowallet files and user credentials.
2025-05-21
⋅
Microsoft
⋅
Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool Lumma Stealer |
2025-05-20
⋅
Europol
⋅
Europol and Microsoft disrupt world’s largest infostealer Lumma Lumma Stealer |
2025-05-09
⋅
Sophos X-Ops
⋅
Lumma Stealer, coming and going Lumma Stealer |
2025-04-30
⋅
Google Cloud Community
⋅
Finding Malware: Unveiling LUMMAC.V2 with Google Security Operations Lumma Stealer |
2025-04-21
⋅
Trellix
⋅
Unmasking the Evolving Threat: A Deep Dive into the Latest Version of Lumma InfoStealer with Code Flow Obfuscation Lumma Stealer |
2025-04-16
⋅
Sekoia
⋅
Interlock ransomware evolving under the radar Interlock Berserk Stealer Interlock Lumma Stealer Supper |
2025-04-15
⋅
Orange Cyberdefense
⋅
CyberSOC Insights: Analysis of a Black Basta Attack Campaign Black Basta DarkGate Lumma Stealer |
2025-03-14
⋅
Twitter (@CERTCyberdef)
⋅
Tweet on Emmenhtal v3 Emmenhtal Lumma Stealer Rhadamanthys |
2025-03-14
⋅
VitalDigitalForensics
⋅
Lumma Stealer – A tale that starts with a fake Captcha Lumma Stealer |
2025-03-13
⋅
Group-IB
⋅
ClickFix: The Social Engineering Technique Hackers Use to Manipulate Victims Emmenhtal Lumma Stealer |
2025-03-12
⋅
Red Canary
⋅
2025 Threat Detection Report HijackLoader Lumma Stealer NetSupportManager RAT |
2025-03-11
⋅
Trend Micro
⋅
AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution Lumma Stealer SmartLoader |
2025-02-21
⋅
Kaspersky Labs
⋅
Angry Likho: Old beasts in a new forest Lumma Stealer Angry Likho |
2025-02-20
⋅
Infrawatch
⋅
GhostSocks - Lumma's Partner In Proxy GhostSocks Lumma Stealer |
2025-02-18
⋅
Proofpoint
⋅
An Update on Fake Updates: Two New Actors, and New Mac Malware Marcher FAKEUPDATES FrigidStealer Lumma Stealer |
2025-02-18
⋅
Varist
⋅
Malvertisements, Fake Captchas and Infostealers Lumma Stealer |
2025-01-30
⋅
RevEng.AI
⋅
One ClickFix and LummaStealer reCAPTCHA’s Our Attention - Part 1 Lumma Stealer |
2025-01-27
⋅
Youtube (MalwareAnalysisForHedgehogs)
⋅
Malware Analysis - Binary Refinery URL extraction of Multi-Layered PoshLoader for LummaStealer Lumma Stealer |
2025-01-23
⋅
Netskope
⋅
Lumma Stealer: Fake CAPTCHAs & New Techniques to Evade Detection Lumma Stealer |
2025-01-13
⋅
Cert-AgID
⋅
Analisi di una campagna Lumma Stealer con falso CAPTCHA condotta attraverso domino italiano compromesso Lumma Stealer |
2024-12-30
⋅
Intrinsec
⋅
CryptBot: Hunting for initial access vectors CryptBot Lumma Stealer PrivateLoader |
2024-12-28
⋅
Medium s.lontzetidis
⋅
Lumma 2024: Dominating the Info-Stealer Market Lumma Stealer |
2024-12-20
⋅
Ryan Weil
⋅
Deobfuscation of Lumma Stealer Lumma Stealer |
2024-12-19
⋅
SpyCloud
⋅
LummaC2 Revisited: What’s Making this Stealer Stealthier and More Lethal GhostSocks Lumma Stealer |
2024-12-17
⋅
Cybereason
⋅
Your Data Is Under New Lummanagement: The Rise of LummaStealer Lumma Stealer |
2024-12-16
⋅
Guardio Labs
⋅
“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising Lumma Stealer |
2024-11-18
⋅
Proofpoint
⋅
Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape AsyncRAT Brute Ratel C4 DanaBot DarkGate Latrodectus Lumma Stealer NetSupportManager RAT XWorm |
2024-11-12
⋅
Kroll
⋅
LUMMASTEALER Delivered Via PowerShell Social Engineering Lumma Stealer |
2024-10-17
⋅
Loader Insight Agency
⋅
Correlating Vidar Stealer Build IDs Based on Loader Tasks Lumma Stealer SmokeLoader Vidar |
2024-10-08
⋅
Trustwave
⋅
Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader Pronsis Loader Latrodectus Lumma Stealer |
2024-10-05
⋅
Malware Analysis - Lumma Stealer Lumma Stealer |
2024-09-25
⋅
Medium b.magnezi
⋅
Lumma Stealer - Malware Analysis Lumma Stealer |
2024-09-20
⋅
McAfee
⋅
Behind the CAPTCHA: A Clever Gateway of Malware Emmenhtal Lumma Stealer |
2024-09-09
⋅
Denwp Research
⋅
Dissecting Lumma Malware: Analyzing the Fake CAPTCHA and Obfuscation Techniques - Part 2 Lumma Stealer |
2024-08-30
⋅
Denwp Research
⋅
Anatomy of a Lumma Stealer Attack via Fake CAPTCHA Pages - Part 1 Lumma Stealer |
2024-08-22
⋅
Mandiant
⋅
PEAKLIGHT: Decoding the Stealthy Memory-Only Malware CryptBot Emmenhtal HijackLoader Lumma Stealer |
2024-08-12
⋅
Rapid7
⋅
Ongoing Social Engineering Campaign Refreshes Payloads Black Basta Cobalt Strike GhostSocks Lumma Stealer SystemBC |
2024-07-24
⋅
Check Point Research
⋅
Stargazers Ghost Network Atlantida Lumma Stealer RedLine Stealer Rhadamanthys RisePro Stargazer Goblin |
2024-07-23
⋅
Fortinet
⋅
Exploiting CVE-2024-21412: A Stealer Campaign Unleashed ACR Stealer Lumma Stealer Meduza Stealer |
2024-07-22
⋅
Censys
⋅
A Beginner’s Guide to Hunting Malicious Open Directories Cobalt Strike Lumma Stealer Vidar |
2024-07-11
⋅
McAfee
⋅
ClickFix Deception: A Social Engineering Tactic to Deploy Malware DarkGate Lumma Stealer |
2024-07-02
⋅
Sekoia
⋅
Exposing FakeBat loader: distribution methods and adversary infrastructure BlackCat Royal Ransom EugenLoader Carbanak Cobalt Strike DICELOADER Gozi IcedID Lumma Stealer NetSupportManager RAT Pikabot RedLine Stealer SectopRAT Sliver SmokeLoader Vidar |
2024-06-21
⋅
0x1c
⋅
[0001] AmberAmethystDaisy -> QuartzBegonia -> LummaStealer Lumma Stealer |
2024-06-17
⋅
Proofpoint
⋅
From Clipboard to Compromise: A PowerShell Self-Pwn DarkGate HijackLoader Lumma Stealer Matanbuchus NetSupportManager RAT TA571 |
2024-06-17
⋅
Trellix
⋅
Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion HijackLoader Lumma Stealer |
2024-06-10
⋅
Mandiant
⋅
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion Lumma Stealer MetaStealer Raccoon RedLine Stealer RisePro Vidar UNC5537 |
2024-06-06
⋅
Morphisec
⋅
Howling at the Inbox: Sticky Werewolf’s Latest Malicious Aviation Attacks Angry Likho |
2024-05-29
⋅
eSentire
⋅
Fake Browser Updates delivering BitRAT and Lumma Stealer BitRAT Lumma Stealer |
2024-03-24
⋅
Viuleeenz
⋅
Understanding API Hashing and build a rainbow table for LummaStealer Lumma Stealer |
2024-03-07
⋅
Malware Traffic Analysis
⋅
2024-03-07 (THURSDAY): LATRODECTUS INFECTION LEADS TO LUMMA STEALER Latrodectus Lumma Stealer |
2024-02-13
⋅
Gridinsoft
⋅
What is Lumma Stealer? Lumma Stealer |
2024-02-13
⋅
Palo Alto Networks Unit 42
⋅
A Deep Dive Into Malicious Direct Syscall Detection Lumma Stealer |
2024-02-04
⋅
Viuleeenz
⋅
Understanding PEB and LDR Structures using IDA and LummaStealer Lumma Stealer |
2024-01-30
⋅
ANY.RUN
⋅
CrackedCantil: A Malware Symphony Breakdown - PrivateLoader, Smoke, Lumma, RedLine, RisePro, Amadey, Stealc, Socks5Systemz, STOP Amadey CrackedCantil Lumma Stealer PrivateLoader RedLine Stealer RisePro SmokeLoader Socks5 Systemz Stealc STOP |
2024-01-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q4 2023 FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver |
2024-01-08
⋅
Fortinet
⋅
Deceptive Cracked Software Spreads Lumma Variant on YouTube Lumma Stealer |
2024-01-08
⋅
YouTube (Embee Research)
⋅
Malware Analysis - Decoding Obfuscated Powershell and HTA Files (Lumma Stealer) Lumma Stealer |
2023-11-20
⋅
Outpost24
⋅
Unveiling LummaC2 stealer’s novel Anti-Sandbox technique: Leveraging trigonometry for human behavior detection Lumma Stealer |
2023-11-16
⋅
Medium g0njxa
⋅
Approaching stealers devs : a brief interview with LummaC2 Lumma Stealer |
2023-10-27
⋅
Elastic
⋅
GHOSTPULSE haunts victims using defense evasion bag o' tricks HijackLoader Lumma Stealer NetSupportManager RAT Rhadamanthys SectopRAT Vidar |
2023-10-17
⋅
Intrinsec
⋅
Lumma Stealer actively deployed in multiple campaigns Lumma Stealer |
2023-09-07
⋅
eSentire
⋅
The Case of LummaC2 v4.0 Lumma Stealer |
2023-09-06
⋅
Darktrace
⋅
The Rise of the Lumma Info-Stealer Lumma Stealer |
2023-08-31
⋅
Rapid7 Labs
⋅
Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers FAKEUPDATES Amadey HijackLoader Lumma Stealer SectopRAT |
2023-04-09
⋅
LummaC2 BreakDown Lumma Stealer |
2023-04-05
⋅
Outpost24
⋅
Everything you need to know about the LummaC2 Stealer: Leveraging IDA Python and Unicorn to deobfuscate Windows API Hashing Lumma Stealer |
2023-02-27
⋅
Medium s2wlab
⋅
Lumma Stealer targets YouTubers via Spear-phishing Email Lumma Stealer |
2023-02-03
⋅
Cloudsek
⋅
Threat Actors Abuse AI-Generated Youtube Videos to Spread Stealer Malware Alfonso Stealer Bandit Stealer Cameleon Fabookie Lumma Stealer Nanocore RAT Panda Stealer RecordBreaker RedLine Stealer Stealc STOP Vidar zgRAT |
2023-01-13
⋅
Twitter (@Ishusoka)
⋅
Tweets on updates regarding Lumma Stealer Lumma Stealer |
2023-01-06
⋅
cyble
⋅
LummaC2 Stealer: A Potent Threat To Crypto Users Lumma Stealer |
2022-09-22
⋅
Twitter (@sekoia_io)
⋅
Tweets on Lumma stealer Lumma Stealer |
2022-08-16
⋅
Twitter (@fumik0_)
⋅
Tweet on Lumma Stealer based on Mars Stealer Lumma Stealer |