Roberto Martinez
@mtnez.bsky.social
Threat Intelligence | Threat Research | Threat Hunting
Two compromised legitimate sites found so far on URLScan (2 more on VT), containing injected obfuscated code inside a JS file.
urlscan.io/result/84e74...
urlscan.io/result/0b78b...
The command added to the clipboard takes victims to
hxxp://91.206.178.120:5001/get_txt
Then to the LummaC2 payload.
urlscan.io/result/84e74...
urlscan.io/result/0b78b...
The command added to the clipboard takes victims to
hxxp://91.206.178.120:5001/get_txt
Then to the LummaC2 payload.
February 13, 2025 at 7:33 PM
Two compromised legitimate sites found so far on URLScan (2 more on VT), containing injected obfuscated code inside a JS file.
urlscan.io/result/84e74...
urlscan.io/result/0b78b...
The command added to the clipboard takes victims to
hxxp://91.206.178.120:5001/get_txt
Then to the LummaC2 payload.
urlscan.io/result/84e74...
urlscan.io/result/0b78b...
The command added to the clipboard takes victims to
hxxp://91.206.178.120:5001/get_txt
Then to the LummaC2 payload.