win.redline_stealer

RedLine Stealer


RedLine Stealer is malware sold on underground forums, apparently either as a standalone purchase ($100/$150 depending on the version) or on a subscription basis ($100/month). It harvests information from browsers, including saved credentials, autocomplete data, and credit card details. When run on a target machine it also takes a system inventory, covering the username, location data, hardware configuration, and information about installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and the malware can upload and download files, execute commands, and periodically send back information about the infected computer.

References
2022-09-15 | Kaspersky | Oleg Kupreev
@online{kupreev:20220915:selfspreading:a51b997, author = {Oleg Kupreev}, title = {{Self-spreading stealer attacks gamers via YouTube}}, date = {2022-09-15}, organization = {Kaspersky}, url = {https://securelist.com/self-spreading-stealer-attacks-gamers-via-youtube/107407/}, language = {English}, urldate = {2022-09-16} }
Families: RedLine Stealer
2022-09-15 | Sekoia | Threat & Detection Research Team
@online{team:20220915:privateloader:d88c7b2, author = {Threat & Detection Research Team}, title = {{PrivateLoader: the loader of the prevalent ruzki PPI service}}, date = {2022-09-15}, organization = {Sekoia}, url = {https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/}, language = {English}, urldate = {2022-09-19} }
Families: Agent Tesla, Coinminer, DanaBot, DCRat, Eternity Stealer, Glupteba, Mars Stealer, NetSupportManager RAT, Nymaim, Nymaim2, Phoenix Keylogger, PrivateLoader, Raccoon, RedLine Stealer, SmokeLoader, Socelars, STOP, Vidar, YTStealer
2022-08-31 | BitSight | André Tavares
@online{tavares:20220831:tracking:5b4130e, author = {André Tavares}, title = {{Tracking PrivateLoader: Malware Distribution Service}}, date = {2022-08-31}, organization = {BitSight}, url = {https://www.bitsight.com/blog/tracking-privateloader-malware-distribution-service}, language = {English}, urldate = {2022-08-31} }
Families: PrivateLoader, RedLine Stealer, SmokeLoader
2022-08-30 | Cisco | Vanja Svajcer
@online{svajcer:20220830:modernloader:5b62dce, author = {Vanja Svajcer}, title = {{ModernLoader delivers multiple stealers, cryptominers and RATs}}, date = {2022-08-30}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html}, language = {English}, urldate = {2022-08-31} }
Families: Coinminer, DCRat, ModernLoader, RedLine Stealer, SapphireMiner, SystemBC
2022-08-29 | Sekoia | Threat & Detection Research Team
@online{team:20220829:traffers:8b7930b, author = {Threat & Detection Research Team}, title = {{Traffers: a deep dive into the information stealer ecosystem}}, date = {2022-08-29}, organization = {Sekoia}, url = {https://blog.sekoia.io/traffers-a-deep-dive-into-the-information-stealer-ecosystem}, language = {English}, urldate = {2022-08-31} }
Families: MetaStealer, PrivateLoader, Raccoon, RedLine Stealer, Vidar
2022-08-29 | 360 netlab | wanghao
@online{wanghao:20220829:purecrypter:4d81329, author = {wanghao}, title = {{PureCrypter Loader continues to be active and has spread to more than 10 other families}}, date = {2022-08-29}, organization = {360 netlab}, url = {https://blog.netlab.360.com/purecrypter}, language = {Chinese}, urldate = {2022-09-06} }
Families: 404 Keylogger, Agent Tesla, AsyncRAT, Formbook, RedLine Stealer
2022-08-23 | Zscaler | Mitesh Wani, Kaivalya Khursale
@online{wani:20220823:making:37c9914, author = {Mitesh Wani and Kaivalya Khursale}, title = {{Making victims pay, infostealer malwares mimick pirated-software download sites}}, date = {2022-08-23}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/making-victims-pay-infostealer-malwares-mimick-pirated-software-download}, language = {English}, urldate = {2022-09-07} }
Families: RedLine Stealer
2022-08-10 | Palo Alto Networks Unit 42 | Muhammad Umer Khan, Lee Wei, Yang Ji, Wenjun Hu
@online{khan:20220810:bluesky:a8e0325, author = {Muhammad Umer Khan and Lee Wei and Yang Ji and Wenjun Hu}, title = {{BlueSky Ransomware: Fast Encryption via Multithreading}}, date = {2022-08-10}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/bluesky-ransomware/}, language = {English}, urldate = {2022-09-06} }
Families: BlueSky, RedLine Stealer
2022-08-08 | N1ght-W0lf Blog | Abdallah Elshinbary
@online{elshinbary:20220808:yara:f9ea382, author = {Abdallah Elshinbary}, title = {{YARA for config extraction}}, date = {2022-08-08}, organization = {N1ght-W0lf Blog}, url = {https://n1ght-w0lf.github.io/tutorials/yara-for-config-extraction/}, language = {English}, urldate = {2022-08-09} }
Families: RedLine Stealer
2022-08-08 | Medium CSIS Techblog | Benoît Ancel
@online{ancel:20220808:inside:67ef9a0, author = {Benoît Ancel}, title = {{An inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructure}}, date = {2022-08-08}, organization = {Medium CSIS Techblog}, url = {https://medium.com/csis-techblog/inside-view-of-brazzzersff-infrastructure-89b9188fd145}, language = {English}, urldate = {2022-08-28} }
Families: Riltok, magecart, Anubis, Azorult, BetaBot, Buer, CoalaBot, CryptBot, DiamondFox, DreamBot, GCleaner, ISFB, Loki Password Stealer (PWS), MedusaLocker, MeguminTrojan, Nemty, PsiX, RedLine Stealer, SmokeLoader, STOP, TinyNuke, Vidar, Zloader
2022-08-02 | Recorded Future | Insikt Group
@techreport{group:20220802:initial:5caddb5, author = {Insikt Group}, title = {{Initial Access Brokers Are Key to Rise in Ransomware Attacks}}, date = {2022-08-02}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/cta-2022-0802.pdf}, language = {English}, urldate = {2022-08-05} }
Families: Azorult, BlackMatter, Conti, Mars Stealer, Raccoon, RedLine Stealer, Taurus Stealer, Vidar
2022-08-01 | SecurityScorecard | Vlad Pasca
@online{pasca:20220801:detailed:769e20c, author = {Vlad Pasca}, title = {{A Detailed Analysis of the RedLine Stealer}}, date = {2022-08-01}, organization = {SecurityScorecard}, url = {https://securityscorecard.com/research/detailed-analysis-redline-stealer}, language = {English}, urldate = {2022-08-02} }
Families: RedLine Stealer
2022-08-01 | SecurityScorecard | Vlad Pasca
@online{pasca:20220801:detailed:d5d5235, author = {Vlad Pasca}, title = {{A Detailed Analysis of the RedLine Stealer}}, date = {2022-08-01}, organization = {SecurityScorecard}, url = {https://securityscorecard.pathfactory.com/all/a-detailed-analysis}, language = {English}, urldate = {2022-08-02} }
Families: RedLine Stealer
2022-07-13 | KELA | KELA Cyber Intelligence Center
@online{center:20220713:next:b2e43e4, author = {KELA Cyber Intelligence Center}, title = {{The Next Generation of Info Stealers}}, date = {2022-07-13}, organization = {KELA}, url = {https://ke-la.com/information-stealers-a-new-landscape/}, language = {English}, urldate = {2022-07-18} }
Families: Arkei Stealer, Azorult, BlackGuard, Eternity Stealer, Ginzo Stealer, Mars Stealer, MetaStealer, Raccoon, RedLine Stealer, Vidar
2022-06-28 | AhnLab | ASEC
@online{asec:20220628:new:df3f9bf, author = {ASEC}, title = {{New Info-stealer Disguised as Crack Being Distributed}}, date = {2022-06-28}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/35981/}, language = {English}, urldate = {2022-06-30} }
Families: ClipBanker, CryptBot, Raccoon, RedLine Stealer
2022-06-15 | Qualys | Akshat Pradhan
@techreport{pradhan:20220615:fake:f00033d, author = {Akshat Pradhan}, title = {{Fake Cracked Software Caught Peddling Redline Stealers}}, date = {2022-06-15}, institution = {Qualys}, url = {https://www.qualys.com/docs/whitepapers/qualys-wp-fake-cracked-software-caught-peddling-redline-stealers-v220606.pdf}, language = {English}, urldate = {2022-06-17} }
Families: RedLine Stealer
2022-05-25 | Team Cymru | S2 Research Team
@online{team:20220525:bablosoft:90f50c4, author = {S2 Research Team}, title = {{Bablosoft; Lowering the Barrier of Entry for Malicious Actors}}, date = {2022-05-25}, organization = {Team Cymru}, url = {https://team-cymru.com/blog/2022/05/25/bablosoft-lowering-the-barrier-of-entry-for-malicious-actors/}, language = {English}, urldate = {2022-05-29} }
Families: BlackGuard, BumbleBee, RedLine Stealer
2022-05-19 | Blackberry | The BlackBerry Research & Intelligence Team
@online{team:20220519:net:ecf311c, author = {The BlackBerry Research & Intelligence Team}, title = {{.NET Stubs: Sowing the Seeds of Discord (PureCrypter)}}, date = {2022-05-19}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord}, language = {English}, urldate = {2022-06-09} }
Families: Aberebot, AbstractEmu, AdoBot, 404 Keylogger, Agent Tesla, Amadey, AsyncRAT, Ave Maria, BitRAT, BluStealer, Formbook, LimeRAT, Loki Password Stealer (PWS), Nanocore RAT, Orcus RAT, Quasar RAT, Raccoon, RedLine Stealer, WhisperGate
2022-05-17 | Microsoft Security | Berman Enconado, Laurie Kirk
@online{enconado:20220517:in:c234e4d, author = {Berman Enconado and Laurie Kirk}, title = {{In hot pursuit of ‘cryware’: Defending hot wallets from attacks}}, date = {2022-05-17}, organization = {Microsoft Security}, url = {https://www.microsoft.com/security/blog/2022/05/17/in-hot-pursuit-of-cryware-defending-hot-wallets-from-attacks/}, language = {English}, urldate = {2022-05-25} }
Families: Mars Stealer, RedLine Stealer
2022-05-12 | Morphisec | Hido Cohen
@online{cohen:20220512:new:6e12278, author = {Hido Cohen}, title = {{New SYK Crypter Distributed Via Discord}}, date = {2022-05-12}, organization = {Morphisec}, url = {https://blog.morphisec.com/syk-crypter-discord}, language = {English}, urldate = {2022-06-09} }
Families: AsyncRAT, Ave Maria, Nanocore RAT, NjRAT, Quasar RAT, RedLine Stealer
2022-05-12 | Netskope | Gustavo Palazolo
@online{palazolo:20220512:redline:2a91da2, author = {Gustavo Palazolo}, title = {{RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload}}, date = {2022-05-12}, organization = {Netskope}, url = {https://www.netskope.com/blog/redline-stealer-campaign-using-binance-mystery-box-videos-to-spread-github-hosted-payload}, language = {English}, urldate = {2022-05-17} }
Families: RedLine Stealer
2022-05-10 | eSentire | eSentire Threat Response Unit (TRU)
@online{tru:20220510:redline:ecc9708, author = {eSentire Threat Response Unit (TRU)}, title = {{Redline Stealer Masquerades as Photo Editing Software}}, date = {2022-05-10}, organization = {eSentire}, url = {https://www.esentire.com/blog/redline-stealer-masquerades-as-photo-editing-software}, language = {English}, urldate = {2022-05-24} }
Families: RedLine Stealer
2022-04-27 | Bitdefender | Mihai Neagu
@techreport{neagu:20220427:redline:98fb07b, author = {Mihai Neagu}, title = {{RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign}}, date = {2022-04-27}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/415/Bitdefender-PR-Whitepaper-RedLine-creat6109-en-EN.pdf}, language = {English}, urldate = {2022-06-02} }
Families: RedLine Stealer
2022-04-25 | muha2xmad | Muhammad Hasan Ali
@online{ali:20220425:full:d0f9c5d, author = {Muhammad Hasan Ali}, title = {{Full RedLine malware analysis | IoCs | Stealing information}}, date = {2022-04-25}, organization = {muha2xmad}, url = {https://muha2xmad.github.io/malware-analysis/fullredline/}, language = {English}, urldate = {2022-04-29} }
Families: RedLine Stealer
2022-04-18 | Bitdefender | Mihai Neagu
@techreport{neagu:20220418:redline:9eb0a9a, author = {Mihai Neagu}, title = {{RedLine Stealer Analysis}}, date = {2022-04-18}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/415/Bitdefender-PR-Whitepaper-RedLine-creat6109-en-EN.pdf}, language = {English}, urldate = {2022-04-29} }
Families: RedLine Stealer
2022-04-14 | Cisco Talos | Edmund Brumaghin, Vanja Svajcer, Michael Chen
@online{brumaghin:20220414:threat:45dba55, author = {Edmund Brumaghin and Vanja Svajcer and Michael Chen}, title = {{Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer}}, date = {2022-04-14}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html}, language = {English}, urldate = {2022-04-15} }
Families: RedLine Stealer
2022-03-24 | Palo Alto Networks: Unit42 | Unit42
@online{unit42:20220324:threat:8b3586f, author = {Unit42}, title = {{Threat Brief: Lapsus$ Group}}, date = {2022-03-24}, organization = {paloalto Netoworks: Unit42}, url = {https://unit42.paloaltonetworks.com/lapsus-group/}, language = {English}, urldate = {2022-03-25} }
Families: RedLine Stealer
2022-03-23 | KrebsOnSecurity | Brian Krebs
@online{krebs:20220323:closer:411208b, author = {Brian Krebs}, title = {{A Closer Look at the LAPSUS$ Data Extortion Group}}, date = {2022-03-23}, organization = {KrebsOnSecurity}, url = {https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/}, language = {English}, urldate = {2022-03-24} }
Families: RedLine Stealer
2022-03-23 | SecurityAffairs | Pierluigi Paganini
@online{paganini:20220323:its:93ae664, author = {Pierluigi Paganini}, title = {{It’s official, Lapsus$ gang compromised a Microsoft employee’s account}}, date = {2022-03-23}, organization = {SecurityAffairs}, url = {https://securityaffairs.co/wordpress/129391/hacking/lapsus-gang-compromised-microsoft-employees-account.html}, language = {English}, urldate = {2022-03-25} }
Families: RedLine Stealer
2022-03-22 | The Hacker News | Ravie Lakshmanan
@online{lakshmanan:20220322:microsoft:3373c3d, author = {Ravie Lakshmanan}, title = {{Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group}}, date = {2022-03-22}, organization = {The Hacker News}, url = {https://thehackernews.com/2022/03/microsoft-and-okta-confirm-breach-by.html}, language = {English}, urldate = {2022-03-23} }
Families: RedLine Stealer
2022-03-22 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20220322:dev0537:eea56dc, author = {Microsoft Threat Intelligence Center (MSTIC) and Detection and Response Team (DART) and Microsoft 365 Defender Threat Intelligence Team}, title = {{DEV-0537 (UNC3661) criminal actor targeting organizations for data exfiltration and destruction}}, date = {2022-03-22}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/}, language = {English}, urldate = {2022-08-05} }
Families: RedLine Stealer, LAPSUS
2022-03-22 | Bleeping Computer | Lawrence Abrams
@online{abrams:20220322:microsoft:54e0518, author = {Lawrence Abrams}, title = {{Microsoft confirms they were hacked by Lapsus$ extortion group}}, date = {2022-03-22}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-they-were-hacked-by-lapsus-extortion-group/}, language = {English}, urldate = {2022-03-23} }
Families: RedLine Stealer
2022-03-13 | Bleeping Computer | Bill Toulas
@online{toulas:20220313:fake:e8628a0, author = {Bill Toulas}, title = {{Fake Valorant cheats on YouTube infect you with RedLine stealer}}, date = {2022-03-13}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/fake-valorant-cheats-on-youtube-infect-you-with-redline-stealer/}, language = {English}, urldate = {2022-03-14} }
Families: RedLine Stealer
2022-03-03 | Medium s2wlab | Jiho Kim
@online{kim:20220303:deep:3cac6e2, author = {Jiho Kim}, title = {{Deep Analysis of Redline Stealer: Leaked Credential with WCF}}, date = {2022-03-03}, organization = {Medium s2wlab}, url = {https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904}, language = {English}, urldate = {2022-03-07} }
Families: RedLine Stealer
2022-02-09 | BleepingComputer | Bill Toulas
@online{toulas:20220209:fake:a26dcb6, author = {Bill Toulas}, title = {{Fake Windows 11 upgrade installers infect you with RedLine malware}}, date = {2022-02-09}, organization = {BleepingComputer}, url = {https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/}, language = {English}, urldate = {2022-02-10} }
Families: RedLine Stealer
2022-02-08 | HP | Patrick Schläpfer
@online{schlpfer:20220208:attackers:1a91251, author = {Patrick Schläpfer}, title = {{Attackers Disguise RedLine Stealer as a Windows 11 Upgrade}}, date = {2022-02-08}, organization = {HP}, url = {https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/}, language = {English}, urldate = {2022-02-14} }
Families: RedLine Stealer
2022-02-08 | Intel 471 | Intel 471
@online{471:20220208:privateloader:5e226cd, author = {Intel 471}, title = {{PrivateLoader: The first step in many malware schemes}}, date = {2022-02-08}, organization = {Intel 471}, url = {https://intel471.com/blog/privateloader-malware}, language = {English}, urldate = {2022-05-09} }
Families: Dridex, Kronos, LockBit, Nanocore RAT, NjRAT, PrivateLoader, Quasar RAT, RedLine Stealer, Remcos, SmokeLoader, STOP, Tofsee, TrickBot, Vidar
2022-02-07 | Trellix | Taylor Mullins
@online{mullins:20220207:trellix:07fa2d5, author = {Taylor Mullins}, title = {{Trellix Global Defenders: Invasion of the Information Snatchers - Protecting against RedLine Infostealer}}, date = {2022-02-07}, organization = {Trellix}, url = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/trellix-global-defenders-invaders-of-the-information-snatchers.html}, language = {English}, urldate = {2022-02-09} }
Families: RedLine Stealer
2022-01-20 | blog.rootshell.be | Xavier Mertens
@online{mertens:20220120:sans:bc9b319, author = {Xavier Mertens}, title = {{[SANS ISC] RedLine Stealer Delivered Through FTP}}, date = {2022-01-20}, organization = {blog.rootshell.be}, url = {https://blog.rootshell.be/2022/01/20/sans-isc-redline-stealer-delivered-through-ftp/}, language = {English}, urldate = {2022-02-01} }
Families: RedLine Stealer
2022-01-20 | SANS ISC InfoSec Forums | Xavier Mertens
@online{mertens:20220120:redline:87c27db, author = {Xavier Mertens}, title = {{RedLine Stealer Delivered Through FTP}}, date = {2022-01-20}, organization = {SANS ISC InfoSec Forums}, url = {https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/}, language = {English}, urldate = {2022-01-24} }
Families: RedLine Stealer
2022-01-19 | Chainalysis | Chainalysis Team
@online{team:20220119:meet:b0e3f43, author = {Chainalysis Team}, title = {{Meet the Malware Families Helping Hackers Steal and Mine Millions in Cryptocurrency}}, date = {2022-01-19}, organization = {Chainanalysis}, url = {https://blog.chainalysis.com/reports/2022-crypto-crime-report-preview-malware/}, language = {English}, urldate = {2022-01-24} }
Families: Glupteba, RedLine Stealer
2022-01-10 | Fortinet | Shunichi Imano, Fred Gutierrez
@online{imano:20220110:covid:c51ead7, author = {Shunichi Imano and Fred Gutierrez}, title = {{COVID Omicron Variant Lure Used to Distribute RedLine Stealer}}, date = {2022-01-10}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/omicron-variant-lure-used-to-distribute-redline-stealer}, language = {English}, urldate = {2022-01-18} }
Families: RedLine Stealer
2022-01-03 | AhnLab | ASEC Analysis Team
@online{team:20220103:distribution:6b19c5a, author = {ASEC Analysis Team}, title = {{Distribution of Redline Stealer Disguised as Software Crack}}, date = {2022-01-03}, organization = {AhnLab}, url = {https://asec.ahnlab.com/en/30445/}, language = {English}, urldate = {2022-01-25} }
Families: DanaBot, RedLine Stealer, Vidar
2022-01-02 | Atomic Matryoshka | z3r0day_504
@online{z3r0day504:20220102:cracking:0315ea6, author = {z3r0day_504}, title = {{"Cracking Open the Malware Piñata" Series: Intro to Dynamic Analysis with RedLineStealer}}, date = {2022-01-02}, organization = {Atomic Matryoshka}, url = {https://www.atomicmatryoshka.com/post/cracking-open-the-malware-pi%C3%B1ata-series-intro-to-dynamic-analysis-with-redlinestealer}, language = {English}, urldate = {2022-05-29} }
Families: RedLine Stealer
2021-12-02 | Cisco | Tiago Pereira
@online{pereira:20211202:magnat:15dcabb, author = {Tiago Pereira}, title = {{Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension}}, date = {2021-12-02}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2021/12/magnat-campaigns-use-malvertising-to.html}, language = {English}, urldate = {2021-12-07} }
Families: Azorult, RedLine Stealer
2021-11-29 | Trend Micro | Jaromír Hořejší
@online{hoej:20211129:campaign:6e23cf5, author = {Jaromír Hořejší}, title = {{Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites}}, date = {2021-11-29}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/k/campaign-abusing-rats-uses-fake-websites.html}, language = {English}, urldate = {2021-12-07} }
Families: AsyncRAT, Azorult, Nanocore RAT, NjRAT, RedLine Stealer, Remcos
2021-11-02 | Minerva | Natalie Zargarov
@online{zargarov:20211102:underminer:f03f426, author = {Natalie Zargarov}, title = {{Underminer Exploit Kit: The More You Check The More Evasive You Become}}, date = {2021-11-02}, organization = {Minerva}, url = {https://blog.minerva-labs.com/underminer-exploit-kit-the-more-you-check-the-more-evasive-you-become}, language = {English}, urldate = {2021-11-03} }
Families: Amadey, Oski Stealer, RedLine Stealer, UnderminerEK
2021-10-21 | Bleeping Computer | Lawrence Abrams
@online{abrams:20211021:massive:89295e6, author = {Lawrence Abrams}, title = {{Massive campaign uses YouTube to push password-stealing malware}}, date = {2021-10-21}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/massive-campaign-uses-youtube-to-push-password-stealing-malware/}, language = {English}, urldate = {2021-11-02} }
Families: Raccoon, RedLine Stealer
2021-10-14 | Recorded Future | Insikt Group®
@techreport{group:20211014:redline:66899ec, author = {Insikt Group®}, title = {{RedLine Stealer Is Key Source of Identity Data for Criminal Shops}}, date = {2021-10-14}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/mtp-2021-1014.pdf}, language = {English}, urldate = {2021-10-24} }
Families: RedLine Stealer
2021-09-27 | Trend Micro | Ryan Maglaque, Joelson Soares, Gilbert Sison, Arianne Dela Cruz, Warren Sto.Tomas
@online{maglaque:20210927:fake:e02e3a3, author = {Ryan Maglaque and Joelson Soares and Gilbert Sison and Arianne Dela Cruz and Warren Sto.Tomas}, title = {{Fake Installers Drop Malware and Open Doors for Opportunistic Attackers}}, date = {2021-09-27}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/i/fake-installers-drop-malware-and-open-doors-for-opportunistic-attackers.html}, language = {English}, urldate = {2021-10-05} }
Families: RedLine Stealer, Socelars, Vidar
2021-09-27 | Cyber-Anubis | Nidal Fikri
@online{fikri:20210927:redline:37cd84a, author = {Nidal Fikri}, title = {{RedLine Infostealer | Detailed Reverse Engineering}}, date = {2021-09-27}, organization = {Cyber-Anubis}, url = {https://cyber-anubis.github.io/malware%20analysis/redline/}, language = {English}, urldate = {2021-10-05} }
Families: RedLine Stealer
2021-08-26 | Minerva Labs | Minerva Labs
@online{labs:20210826:become:f38fe74, author = {Minerva Labs}, title = {{Become A VIP Victim With New Discord Distributed Malware}}, date = {2021-08-26}, organization = {Minerva Labs}, url = {https://blog.minerva-labs.com/become-a-vip-victim-with-new-discord-distributed-malware}, language = {English}, urldate = {2021-09-12} }
Families: BlackNET RAT, RedLine Stealer
2021-08-04 | ASEC | ASEC
@online{asec:20210804:sw:fd538d1, author = {ASEC}, title = {{S/W Download Camouflage, Spreading Various Kinds of Malware}}, date = {2021-08-04}, organization = {ASEC}, url = {https://asec.ahnlab.com/ko/25837/}, language = {Korean}, urldate = {2022-03-07} }
Families: Raccoon, RedLine Stealer, Remcos, Vidar
2021-07-12 | IBM | Melissa Frydrych, Claire Zaboeva, Dan Dash
@online{frydrych:20210712:roboski:1f66418, author = {Melissa Frydrych and Claire Zaboeva and Dan Dash}, title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}}, date = {2021-07-12}, organization = {IBM}, url = {https://securityintelligence.com/posts/roboski-global-recovery-automation/}, language = {English}, urldate = {2021-07-20} }
Families: 404 Keylogger, Agent Tesla, AsyncRAT, Ave Maria, Azorult, BitRAT, Formbook, HawkEye Keylogger, Loki Password Stealer (PWS), Nanocore RAT, NetWire RC, NjRAT, Quasar RAT, RedLine Stealer, Remcos
2021-07-12 | Cipher Tech Solutions | Melissa Frydrych, Claire Zaboeva, Dan Dash
@online{frydrych:20210712:roboski:a3c66bf, author = {Melissa Frydrych and Claire Zaboeva and Dan Dash}, title = {{RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation}}, date = {2021-07-12}, organization = {Cipher Tech Solutions}, url = {https://www.ciphertechsolutions.com/roboski-global-recovery-automation/}, language = {English}, urldate = {2021-07-20} }
Families: 404 Keylogger, Agent Tesla, AsyncRAT, Ave Maria, Azorult, BitRAT, Formbook, HawkEye Keylogger, Loki Password Stealer (PWS), Nanocore RAT, NetWire RC, NjRAT, Quasar RAT, RedLine Stealer, Remcos
2021-07-08 | Blackberry | The BlackBerry Research and Intelligence Team
@online{team:20210708:threat:c31cba6, author = {The BlackBerry Research and Intelligence Team}, title = {{Threat Thursday: Redline Infostealer}}, date = {2021-07-08}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2021/07/threat-thursday-redline-infostealer}, language = {English}, urldate = {2021-07-19} }
Families: RedLine Stealer
2021-06-14 | Blaze's Security Blog | BartBlaze
@online{bartblaze:20210614:digital:f5d4313, author = {BartBlaze}, title = {{Digital artists targeted in RedLine infostealer campaign}}, date = {2021-06-14}, organization = {Blaze's Security Blog}, url = {https://bartblaze.blogspot.com/2021/06/digital-artists-targeted-in-redline.html}, language = {English}, urldate = {2021-06-16} }
Families: RedLine Stealer
2021-06-02 | Morphisec | Michael Gorelik
@online{gorelik:20210602:google:eb1bf13, author = {Michael Gorelik}, title = {{Google PPC Ads Deliver Redline, Taurus, and mini-Redline Infostealers}}, date = {2021-06-02}, organization = {Morphisec}, url = {https://blog.morphisec.com/google-ppc-ads-deliver-redline-taurus-and-mini-redline-infostealers}, language = {English}, urldate = {2021-06-16} }
Families: RedLine Stealer, Taurus Stealer
2021-04-27 | Minerva Labs | Minerva Labs
@online{labs:20210427:redline:f60a1c6, author = {Minerva Labs}, title = {{RedLine Stealer Masquerades as Telegram Installer}}, date = {2021-04-27}, organization = {Minerva Labs}, url = {https://blog.minerva-labs.com/redline-stealer-masquerades-as-telegram-installer}, language = {English}, urldate = {2021-05-04} }
Families: RedLine Stealer
2021-01-18 | Medium csis-techblog | Benoît Ancel
@online{ancel:20210118:gcleaner:f8b9064, author = {Benoît Ancel}, title = {{GCleaner — Garbage Provider Since 2019}}, date = {2021-01-18}, organization = {Medium csis-techblog}, url = {https://medium.com/csis-techblog/gcleaner-garbage-provider-since-2019-2708e7c87a8a}, language = {English}, urldate = {2021-01-21} }
Families: Amadey, Ficker Stealer, Raccoon, RedLine Stealer, SmokeLoader, STOP
2020-10-05 | Juniper | Paul Kimayong
@online{kimayong:20201005:new:739309f, author = {Paul Kimayong}, title = {{New pastebin-like service used in multiple malware campaigns}}, date = {2020-10-05}, organization = {Juniper}, url = {https://blogs.juniper.net/en-us/threat-research/new-pastebin-like-service-used-in-multiple-malware-campaigns}, language = {English}, urldate = {2020-10-07} }
Families: Agent Tesla, LimeRAT, RedLine Stealer
2020-09-07 | Github (StrangerealIntel) | StrangerealIntel
@online{strangerealintel:20200907:time:07064dc, author = {StrangerealIntel}, title = {{Time to take the bull by the horns}}, date = {2020-09-07}, organization = {Github (StrangerealIntel)}, url = {https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/Additional%20Analysis/UnknownTA/2020-09-07/Analysis.md}, language = {English}, urldate = {2020-09-15} }
Families: RedLine Stealer, Taurus Stealer
2020-07-30 | Spamhaus | Spamhaus Malware Labs
@techreport{labs:20200730:spamhaus:038546d, author = {Spamhaus Malware Labs}, title = {{Spamhaus Botnet Threat Update Q2 2020}}, date = {2020-07-30}, institution = {Spamhaus}, url = {https://www.spamhaus.org/news/images/botnet-report-2020-q2/2020-q2-spamhaus-botnet-threat-report.pdf}, language = {English}, urldate = {2020-07-30} }
Families: AdWind, Agent Tesla, Arkei Stealer, AsyncRAT, Ave Maria, Azorult, DanaBot, Emotet, IcedID, ISFB, KPOT Stealer, Loki Password Stealer (PWS), Nanocore RAT, NetWire RC, NjRAT, Pony, Raccoon, RedLine Stealer, Remcos, Zloader
2020-07-02 | Zscaler | Mohd Sadique
@online{sadique:20200702:cybergate:b091287, author = {Mohd Sadique}, title = {{CyberGate RAT and RedLine Stealer Delivered in Ongoing AutoIt Malware Campaigns}}, date = {2020-07-02}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/cybergate-rat-and-redline-stealer-delivered-ongoing-autoit-malware-campaigns}, language = {English}, urldate = {2022-02-17} }
Families: CyberGate, RedLine Stealer
2020-03-19 | Bleeping Computer | Lawrence Abrams
@online{abrams:20200319:redline:5966456, author = {Lawrence Abrams}, title = {{RedLine Info-Stealing Malware Spread by Folding@home Phishing}}, date = {2020-03-19}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/redline-info-stealing-malware-spread-by-folding-home-phishing/}, language = {English}, urldate = {2020-03-22} }
Families: RedLine Stealer
2020-03-16 | Proofpoint | Jeremy H, Axel F, Proofpoint Threat Insight Team
@online{h:20200316:new:60f8c3d, author = {Jeremy H and Axel F and Proofpoint Threat Insight Team}, title = {{New RedLine Stealer Distributed Using Coronavirus-themed Email Campaign}}, date = {2020-03-16}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/new-redline-stealer-distributed-using-coronavirus-themed-email-campaign}, language = {English}, urldate = {2020-03-17} }
Families: RedLine Stealer
2020-03-16 | Proofpoint | Sherrod DeGrippo
@online{degrippo:20200316:ta505:6cfbbb0, author = {Sherrod DeGrippo}, title = {{TA505 and Others Launch New Coronavirus Campaigns; Now the Largest Collection of Attack Types in Years}}, date = {2020-03-16}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/ta505-and-others-launch-new-coronavirus-campaigns-now-largest-collection-attack}, language = {English}, urldate = {2020-04-26} }
Families: RedLine Stealer

There is no YARA signature yet.