SYMBOLCOMMON_NAMEaka. SYNONYMS
win.redline_stealer (Back to overview)

RedLine Stealer


RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.

References
2022-06-28AhnLabASEC
@online{asec:20220628:new:df3f9bf, author = {ASEC}, title = {{New Info-stealer Disguised as Crack Being Distributed}}, date = {2022-06-28}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/35981/}, language = {English}, urldate = {2022-06-30} } New Info-stealer Disguised as Crack Being Distributed
ClipBanker CryptBot Raccoon RedLine Stealer
2022-06-15QualysAkshat Pradhan
@techreport{pradhan:20220615:fake:f00033d, author = {Akshat Pradhan}, title = {{Fake Cracked Software Caught Peddling Redline Stealers}}, date = {2022-06-15}, institution = {Qualys}, url = {https://www.qualys.com/docs/whitepapers/qualys-wp-fake-cracked-software-caught-peddling-redline-stealers-v220606.pdf}, language = {English}, urldate = {2022-06-17} } Fake Cracked Software Caught Peddling Redline Stealers
RedLine Stealer
2022-05-25Team CymruS2 Research Team
@online{team:20220525:bablosoft:90f50c4, author = {S2 Research Team}, title = {{Bablosoft; Lowering the Barrier of Entry for Malicious Actors}}, date = {2022-05-25}, organization = {Team Cymru}, url = {https://team-cymru.com/blog/2022/05/25/bablosoft-lowering-the-barrier-of-entry-for-malicious-actors/}, language = {English}, urldate = {2022-05-29} } Bablosoft; Lowering the Barrier of Entry for Malicious Actors
BlackGuard BumbleBee RedLine Stealer
2022-05-19BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20220519:net:ecf311c, author = {The BlackBerry Research & Intelligence Team}, title = {{.NET Stubs: Sowing the Seeds of Discord (PureCrypter)}}, date = {2022-05-19}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord}, language = {English}, urldate = {2022-06-09} } .NET Stubs: Sowing the Seeds of Discord (PureCrypter)
Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate
2022-05-17Microsoft SecurityBerman Enconado, Laurie Kirk
@online{enconado:20220517:in:c234e4d, author = {Berman Enconado and Laurie Kirk}, title = {{In hot pursuit of ‘cryware’: Defending hot wallets from attacks}}, date = {2022-05-17}, organization = {Microsoft Security}, url = {https://www.microsoft.com/security/blog/2022/05/17/in-hot-pursuit-of-cryware-defending-hot-wallets-from-attacks/}, language = {English}, urldate = {2022-05-25} } In hot pursuit of ‘cryware’: Defending hot wallets from attacks
Mars Stealer RedLine Stealer
2022-05-12MorphisecHido Cohen
@online{cohen:20220512:new:6e12278, author = {Hido Cohen}, title = {{New SYK Crypter Distributed Via Discord}}, date = {2022-05-12}, organization = {Morphisec}, url = {https://blog.morphisec.com/syk-crypter-discord}, language = {English}, urldate = {2022-06-09} } New SYK Crypter Distributed Via Discord
AsyncRAT Ave Maria Nanocore RAT NjRAT Quasar RAT RedLine Stealer
2022-05-12NetskopeGustavo Palazolo
@online{palazolo:20220512:redline:2a91da2, author = {Gustavo Palazolo}, title = {{RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload}}, date = {2022-05-12}, organization = {Netskope}, url = {https://www.netskope.com/blog/redline-stealer-campaign-using-binance-mystery-box-videos-to-spread-github-hosted-payload}, language = {English}, urldate = {2022-05-17} } RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload
RedLine Stealer
2022-05-10eSentireeSentire Threat Response Unit (TRU)
@online{tru:20220510:redline:ecc9708, author = {eSentire Threat Response Unit (TRU)}, title = {{Redline Stealer Masquerades as Photo Editing Software}}, date = {2022-05-10}, organization = {eSentire}, url = {https://www.esentire.com/blog/redline-stealer-masquerades-as-photo-editing-software}, language = {English}, urldate = {2022-05-24} } Redline Stealer Masquerades as Photo Editing Software
RedLine Stealer
2022-04-27BitdefenderMihai Neagu
@techreport{neagu:20220427:redline:98fb07b, author = {Mihai Neagu}, title = {{RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign}}, date = {2022-04-27}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/415/Bitdefender-PR-Whitepaper-RedLine-creat6109-en-EN.pdf}, language = {English}, urldate = {2022-06-02} } RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign
RedLine Stealer
2022-04-25muha2xmadMuhammad Hasan Ali
@online{ali:20220425:full:d0f9c5d, author = {Muhammad Hasan Ali}, title = {{Full RedLine malware analysis | IoCs | Stealing information}}, date = {2022-04-25}, organization = {muha2xmad}, url = {https://muha2xmad.github.io/malware-analysis/fullredline/}, language = {English}, urldate = {2022-04-29} } Full RedLine malware analysis | IoCs | Stealing information
RedLine Stealer
2022-04-18BitdefenderMihai Neagu
@techreport{neagu:20220418:redline:9eb0a9a, author = {Mihai Neagu}, title = {{RedLine Stealer Analysis}}, date = {2022-04-18}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/415/Bitdefender-PR-Whitepaper-RedLine-creat6109-en-EN.pdf}, language = {English}, urldate = {2022-04-29} } RedLine Stealer Analysis
RedLine Stealer
2022-04-14Cisco TalosEdmund Brumaghin, Vanja Svajcer, Michael Chen
@online{brumaghin:20220414:threat:45dba55, author = {Edmund Brumaghin and Vanja Svajcer and Michael Chen}, title = {{Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer}}, date = {2022-04-14}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html}, language = {English}, urldate = {2022-04-15} } Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer
RedLine Stealer
2022-03-24paloalto Netoworks: Unit42Unit42
@online{unit42:20220324:threat:8b3586f, author = {Unit42}, title = {{Threat Brief: Lapsus$ Group}}, date = {2022-03-24}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/lapsus-group/}, language = {English}, urldate = {2022-03-25} } Threat Brief: Lapsus$ Group
RedLine Stealer
2022-03-23KrebsOnSecurityBrian Krebs
@online{krebs:20220323:closer:411208b, author = {Brian Krebs}, title = {{A Closer Look at the LAPSUS$ Data Extortion Group}}, date = {2022-03-23}, organization = {KrebsOnSecurity}, url = {https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/}, language = {English}, urldate = {2022-03-24} } A Closer Look at the LAPSUS$ Data Extortion Group
RedLine Stealer
2022-03-23SecurityAffairsPierluigi Paganini
@online{paganini:20220323:its:93ae664, author = {Pierluigi Paganini}, title = {{It’s official, Lapsus$ gang compromised a Microsoft employee’s account}}, date = {2022-03-23}, organization = {SecurityAffairs}, url = {https://securityaffairs.co/wordpress/129391/hacking/lapsus-gang-compromised-microsoft-employees-account.html}, language = {English}, urldate = {2022-03-25} } It’s official, Lapsus$ gang compromised a Microsoft employee’s account
RedLine Stealer
2022-03-22The Hacker NewsRavie Lakshmanan
@online{lakshmanan:20220322:microsoft:3373c3d, author = {Ravie Lakshmanan}, title = {{Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group}}, date = {2022-03-22}, organization = {The Hacker News}, url = {https://thehackernews.com/2022/03/microsoft-and-okta-confirm-breach-by.html}, language = {English}, urldate = {2022-03-23} } Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group
RedLine Stealer
2022-03-22Bleeping ComputerLawrence Abrams
@online{abrams:20220322:microsoft:54e0518, author = {Lawrence Abrams}, title = {{Microsoft confirms they were hacked by Lapsus$ extortion group}}, date = {2022-03-22}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-they-were-hacked-by-lapsus-extortion-group/}, language = {English}, urldate = {2022-03-23} } Microsoft confirms they were hacked by Lapsus$ extortion group
RedLine Stealer
2022-03-22MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20220322:dev0537:eea56dc, author = {Microsoft Threat Intelligence Center (MSTIC) and Detection and Response Team (DART) and Microsoft 365 Defender Threat Intelligence Team}, title = {{DEV-0537 (LAPSUS$/UNC3661) criminal actor targeting organizations for data exfiltration and destruction}}, date = {2022-03-22}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/}, language = {English}, urldate = {2022-04-29} } DEV-0537 (LAPSUS$/UNC3661) criminal actor targeting organizations for data exfiltration and destruction
RedLine Stealer LAPSUS
2022-03-13Bleeping ComputerBill Toulas
@online{toulas:20220313:fake:e8628a0, author = {Bill Toulas}, title = {{Fake Valorant cheats on YouTube infect you with RedLine stealer}}, date = {2022-03-13}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/fake-valorant-cheats-on-youtube-infect-you-with-redline-stealer/}, language = {English}, urldate = {2022-03-14} } Fake Valorant cheats on YouTube infect you with RedLine stealer
RedLine Stealer
2022-03-03Medium s2wlabJiho Kim
@online{kim:20220303:deep:3cac6e2, author = {Jiho Kim}, title = {{Deep Analysis of Redline Stealer: Leaked Credential with WCF}}, date = {2022-03-03}, organization = {Medium s2wlab}, url = {https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904}, language = {English}, urldate = {2022-03-07} } Deep Analysis of Redline Stealer: Leaked Credential with WCF
RedLine Stealer
2022-02-09BleepingComputerBill Toulas
@online{toulas:20220209:fake:a26dcb6, author = {Bill Toulas}, title = {{Fake Windows 11 upgrade installers infect you with RedLine malware}}, date = {2022-02-09}, organization = {BleepingComputer}, url = {https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/}, language = {English}, urldate = {2022-02-10} } Fake Windows 11 upgrade installers infect you with RedLine malware
RedLine Stealer
2022-02-08Intel 471Intel 471
@online{471:20220208:privateloader:5e226cd, author = {Intel 471}, title = {{PrivateLoader: The first step in many malware schemes}}, date = {2022-02-08}, organization = {Intel 471}, url = {https://intel471.com/blog/privateloader-malware}, language = {English}, urldate = {2022-05-09} } PrivateLoader: The first step in many malware schemes
Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar
2022-02-08HPPatrick Schläpfer
@online{schlpfer:20220208:attackers:1a91251, author = {Patrick Schläpfer}, title = {{Attackers Disguise RedLine Stealer as a Windows 11 Upgrade}}, date = {2022-02-08}, organization = {HP}, url = {https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/}, language = {English}, urldate = {2022-02-14} } Attackers Disguise RedLine Stealer as a Windows 11 Upgrade
RedLine Stealer
2022-02-07TrellixTaylor Mullins
@online{mullins:20220207:trellix:07fa2d5, author = {Taylor Mullins}, title = {{Trellix Global Defenders: Invasion of the Information Snatchers - Protecting against RedLine Infostealer}}, date = {2022-02-07}, organization = {Trellix}, url = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/trellix-global-defenders-invaders-of-the-information-snatchers.html}, language = {English}, urldate = {2022-02-09} } Trellix Global Defenders: Invasion of the Information Snatchers - Protecting against RedLine Infostealer
RedLine Stealer
2022-01-20SANS ISC InfoSec ForumsXavier Mertens
@online{mertens:20220120:redline:87c27db, author = {Xavier Mertens}, title = {{RedLine Stealer Delivered Through FTP}}, date = {2022-01-20}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/}, language = {English}, urldate = {2022-01-24} } RedLine Stealer Delivered Through FTP
RedLine Stealer
2022-01-20blog.rootshell.beXavier Mertens
@online{mertens:20220120:sans:bc9b319, author = {Xavier Mertens}, title = {{[SANS ISC] RedLine Stealer Delivered Through FTP}}, date = {2022-01-20}, organization = {blog.rootshell.be}, url = {https://blog.rootshell.be/2022/01/20/sans-isc-redline-stealer-delivered-through-ftp/}, language = {English}, urldate = {2022-02-01} } [SANS ISC] RedLine Stealer Delivered Through FTP
RedLine Stealer
2022-01-19ChainanalysisChainalysis Team
@online{team:20220119:meet:b0e3f43, author = {Chainalysis Team}, title = {{Meet the Malware Families Helping Hackers Steal and Mine Millions in Cryptocurrency}}, date = {2022-01-19}, organization = {Chainanalysis}, url = {https://blog.chainalysis.com/reports/2022-crypto-crime-report-preview-malware/}, language = {English}, urldate = {2022-01-24} } Meet the Malware Families Helping Hackers Steal and Mine Millions in Cryptocurrency
Glupteba RedLine Stealer
2022-01-10FortinetShunichi Imano, Fred Gutierrez
@online{imano:20220110:covid:c51ead7, author = {Shunichi Imano and Fred Gutierrez}, title = {{COVID Omicron Variant Lure Used to Distribute RedLine Stealer}}, date = {2022-01-10}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/omicron-variant-lure-used-to-distribute-redline-stealer}, language = {English}, urldate = {2022-01-18} } COVID Omicron Variant Lure Used to Distribute RedLine Stealer
RedLine Stealer
2022-01-03AhnLabASEC Analysis Team
@online{team:20220103:distribution:6b19c5a, author = {ASEC Analysis Team}, title = {{Distribution of Redline Stealer Disguised as Software Crack}}, date = {2022-01-03}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/30445/}, language = {English}, urldate = {2022-01-25} } Distribution of Redline Stealer Disguised as Software Crack
DanaBot RedLine Stealer Vidar
2022-01-02Atomic Matryoshkaz3r0day_504
@online{z3r0day504:20220102:cracking:0315ea6, author = {z3r0day_504}, title = {{"Cracking Open the Malware Piñata" Series: Intro to Dynamic Analysis with RedLineStealer}}, date = {2022-01-02}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/cracking-open-the-malware-pi%C3%B1ata-series-intro-to-dynamic-analysis-with-redlinestealer}, language = {English}, urldate = {2022-05-29} } "Cracking Open the Malware Piñata" Series: Intro to Dynamic Analysis with RedLineStealer
RedLine Stealer
2021-12-02CiscoTiago Pereira
@online{pereira:20211202:magnat:15dcabb, author = {Tiago Pereira}, title = {{Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension}}, date = {2021-12-02}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2021/12/magnat-campaigns-use-malvertising-to.html}, language = {English}, urldate = {2021-12-07} } Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension
Azorult RedLine Stealer
2021-11-29Trend MicroJaromír Hořejší
@online{hoej:20211129:campaign:6e23cf5, author = {Jaromír Hořejší}, title = {{Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites}}, date = {2021-11-29}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/k/campaign-abusing-rats-uses-fake-websites.html}, language = {English}, urldate = {2021-12-07} } Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos
2021-11-02MinervaNatalie Zargarov
@online{zargarov:20211102:underminer:f03f426, author = {Natalie Zargarov}, title = {{Underminer Exploit Kit: The More You Check The More Evasive You Become}}, date = {2021-11-02}, organization = {Minerva}, url = {https://blog.minerva-labs.com/underminer-exploit-kit-the-more-you-check-the-more-evasive-you-become}, language = {English}, urldate = {2021-11-03} } Underminer Exploit Kit: The More You Check The More Evasive You Become
Amadey Oski Stealer RedLine Stealer UnderminerEK
2021-10-21Bleeping ComputerLawrence Abrams
@online{abrams:20211021:massive:89295e6, author = {Lawrence Abrams}, title = {{Massive campaign uses YouTube to push password-stealing malware}}, date = {2021-10-21}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/massive-campaign-uses-youtube-to-push-password-stealing-malware/}, language = {English}, urldate = {2021-11-02} } Massive campaign uses YouTube to push password-stealing malware
Raccoon RedLine Stealer
2021-10-14Recorded FutureInsikt Group®
@techreport{group:20211014:redline:66899ec, author = {Insikt Group®}, title = {{RedLine Stealer Is Key Source of Identity Data for Criminal Shops}}, date = {2021-10-14}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/mtp-2021-1014.pdf}, language = {English}, urldate = {2021-10-24} } RedLine Stealer Is Key Source of Identity Data for Criminal Shops
RedLine Stealer
2021-09-27Cyber-AnubisNidal Fikri
@online{fikri:20210927:redline:37cd84a, author = {Nidal Fikri}, title = {{RedLine Infostealer | Detailed Reverse Engineering}}, date = {2021-09-27}, organization = {Cyber-Anubis}, url = {https://cyber-anubis.github.io/malware%20analysis/redline/}, language = {English}, urldate = {2021-10-05} } RedLine Infostealer | Detailed Reverse Engineering
RedLine Stealer
2021-09-27Trend MicroRyan Maglaque, Joelson Soares, Gilbert Sison, Arianne Dela Cruz, Warren Sto.Tomas
@online{maglaque:20210927:fake:e02e3a3, author = {Ryan Maglaque and Joelson Soares and Gilbert Sison and Arianne Dela Cruz and Warren Sto.Tomas}, title = {{Fake Installers Drop Malware and Open Doors for Opportunistic Attackers}}, date = {2021-09-27}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/i/fake-installers-drop-malware-and-open-doors-for-opportunistic-attackers.html}, language = {English}, urldate = {2021-10-05} } Fake Installers Drop Malware and Open Doors for Opportunistic Attackers
RedLine Stealer Socelars Vidar
2021-08-26Minerva LabsMinerva Labs
@online{labs:20210826:become:f38fe74, author = {Minerva Labs}, title = {{Become A VIP Victim With New Discord Distributed Malware}}, date = {2021-08-26}, organization = {Minerva Labs}, url = {https://blog.minerva-labs.com/become-a-vip-victim-with-new-discord-distributed-malware}, language = {English}, urldate = {2021-09-12} } Become A VIP Victim With New Discord Distributed Malware
BlackNET RAT RedLine Stealer
2021-08-04ASECASEC
@online{asec:20210804:sw:fd538d1, author = {ASEC}, title = {{S/W Download Camouflage, Spreading Various Kinds of Malware}}, date = {2021-08-04}, organization = {ASEC}, url = {https://asec.ahnlab.com/ko/25837/}, language = {Korean}, urldate = {2022-03-07} } S/W Download Camouflage, Spreading Various Kinds of Malware
Raccoon RedLine Stealer Remcos Vidar
2021-07-12IBMMelissa Frydrych, Claire Zaboeva, Dan Dash
@online{frydrych:20210712:roboski:1f66418, author = {Melissa Frydrych and Claire Zaboeva and Dan Dash}, title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}}, date = {2021-07-12}, organization = {IBM}, url = {https://securityintelligence.com/posts/roboski-global-recovery-automation/}, language = {English}, urldate = {2021-07-20} } RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos
2021-07-12Cipher Tech SolutionsMelissa Frydrych, Claire Zaboeva, Dan Dash
@online{frydrych:20210712:roboski:a3c66bf, author = {Melissa Frydrych and Claire Zaboeva and Dan Dash}, title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}}, date = {2021-07-12}, organization = {Cipher Tech Solutions}, url = {https://www.ciphertechsolutions.com/roboski-global-recovery-automation/}, language = {English}, urldate = {2021-07-20} } RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos
2021-07-08BlackberryThe BlackBerry Research and Intelligence Team
@online{team:20210708:threat:c31cba6, author = {The BlackBerry Research and Intelligence Team}, title = {{Threat Thursday: Redline Infostealer}}, date = {2021-07-08}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2021/07/threat-thursday-redline-infostealer}, language = {English}, urldate = {2021-07-19} } Threat Thursday: Redline Infostealer
RedLine Stealer
2021-06-14Blaze's Security BlogBartBlaze
@online{bartblaze:20210614:digital:f5d4313, author = {BartBlaze}, title = {{Digital artists targeted in RedLine infostealer campaign}}, date = {2021-06-14}, organization = {Blaze's Security Blog}, url = {https://bartblaze.blogspot.com/2021/06/digital-artists-targeted-in-redline.html}, language = {English}, urldate = {2021-06-16} } Digital artists targeted in RedLine infostealer campaign
RedLine Stealer
2021-06-02MorphisecMichael Gorelik
@online{gorelik:20210602:google:eb1bf13, author = {Michael Gorelik}, title = {{Google PPC Ads Deliver Redline, Taurus, and mini-Redline Infostealers}}, date = {2021-06-02}, organization = {Morphisec}, url = {https://blog.morphisec.com/google-ppc-ads-deliver-redline-taurus-and-mini-redline-infostealers}, language = {English}, urldate = {2021-06-16} } Google PPC Ads Deliver Redline, Taurus, and mini-Redline Infostealers
RedLine Stealer Taurus Stealer
2021-04-27Minerva LabsMinerva Labs
@online{labs:20210427:redline:f60a1c6, author = {Minerva Labs}, title = {{RedLine Stealer Masquerades as Telegram Installer}}, date = {2021-04-27}, organization = {Minerva Labs}, url = {https://blog.minerva-labs.com/redline-stealer-masquerades-as-telegram-installer}, language = {English}, urldate = {2021-05-04} } RedLine Stealer Masquerades as Telegram Installer
RedLine Stealer
2021-01-18Medium csis-techblogBenoît Ancel
@online{ancel:20210118:gcleaner:f8b9064, author = {Benoît Ancel}, title = {{GCleaner — Garbage Provider Since 2019}}, date = {2021-01-18}, organization = {Medium csis-techblog}, url = {https://medium.com/csis-techblog/gcleaner-garbage-provider-since-2019-2708e7c87a8a}, language = {English}, urldate = {2021-01-21} } GCleaner — Garbage Provider Since 2019
Amadey Ficker Stealer Raccoon RedLine Stealer SmokeLoader STOP
2020-10-05JuniperPaul Kimayong
@online{kimayong:20201005:new:739309f, author = {Paul Kimayong}, title = {{New pastebin-like service used in multiple malware campaigns}}, date = {2020-10-05}, organization = {Juniper}, url = {https://blogs.juniper.net/en-us/threat-research/new-pastebin-like-service-used-in-multiple-malware-campaigns}, language = {English}, urldate = {2020-10-07} } New pastebin-like service used in multiple malware campaigns
Agent Tesla LimeRAT RedLine Stealer
2020-09-07Github (StrangerealIntel)StrangerealIntel
@online{strangerealintel:20200907:time:07064dc, author = {StrangerealIntel}, title = {{Time to take the bull by the horns}}, date = {2020-09-07}, organization = {Github (StrangerealIntel)}, url = {https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/Additional%20Analysis/UnknownTA/2020-09-07/Analysis.md}, language = {English}, urldate = {2020-09-15} } Time to take the bull by the horns
RedLine Stealer Taurus Stealer
2020-07-30SpamhausSpamhaus Malware Labs
@techreport{labs:20200730:spamhaus:038546d, author = {Spamhaus Malware Labs}, title = {{Spamhaus Botnet Threat Update Q2 2020}}, date = {2020-07-30}, institution = {Spamhaus}, url = {https://www.spamhaus.org/news/images/botnet-report-2020-q2/2020-q2-spamhaus-botnet-threat-report.pdf}, language = {English}, urldate = {2020-07-30} } Spamhaus Botnet Threat Update Q2 2020
AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader
2020-07-02ZscalerMohd Sadique
@online{sadique:20200702:cybergate:b091287, author = {Mohd Sadique}, title = {{CyberGate RAT and RedLine Stealer Delivered in Ongoing AutoIt Malware Campaigns}}, date = {2020-07-02}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/cybergate-rat-and-redline-stealer-delivered-ongoing-autoit-malware-campaigns}, language = {English}, urldate = {2022-02-17} } CyberGate RAT and RedLine Stealer Delivered in Ongoing AutoIt Malware Campaigns
CyberGate RedLine Stealer
2020-03-19Bleeping ComputerLawrence Abrams
@online{abrams:20200319:redline:5966456, author = {Lawrence Abrams}, title = {{RedLine Info-Stealing Malware Spread by Folding@home Phishing}}, date = {2020-03-19}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/redline-info-stealing-malware-spread-by-folding-home-phishing/}, language = {English}, urldate = {2020-03-22} } RedLine Info-Stealing Malware Spread by Folding@home Phishing
RedLine Stealer
2020-03-16ProofpointSherrod DeGrippo
@online{degrippo:20200316:ta505:6cfbbb0, author = {Sherrod DeGrippo}, title = {{TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years}}, date = {2020-03-16}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/ta505-and-others-launch-new-coronavirus-campaigns-now-largest-collection-attack}, language = {English}, urldate = {2020-04-26} } TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years
RedLine Stealer
2020-03-16ProofpointJeremy H, Axel F, Proofpoint Threat Insight Team
@online{h:20200316:new:60f8c3d, author = {Jeremy H and Axel F and Proofpoint Threat Insight Team}, title = {{New RedLine Stealer Distributed Using Coronavirus-themed Email Campaign}}, date = {2020-03-16}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/new-redline-stealer-distributed-using-coronavirus-themed-email-campaign}, language = {English}, urldate = {2020-03-17} } New RedLine Stealer Distributed Using Coronavirus-themed Email Campaign
RedLine Stealer

There is no Yara-Signature yet.