ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool RedLine

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: RedLine

NamesRedLine
RedLine Stealer
CategoryMalware
TypeBackdoor, Info stealer
Description(Cofense) RedLine Stealer, first seen in 2020, is probably the most well-known stealer on this list. It uses Simple Object Access Protocol (SOAP) for communication with its command-and-control center and can use a variety of plugins. It’s used to collect information from various installed programs including credentials stored in browsers, email applications, as well as cryptocurrency wallet data. RedLine Stealer is often associated with sophisticated phishing campaigns that, after a successful infection, can deliver additional payloads like ransomware or more advanced malware.
Information<https://cofense.com/blog/luxury-hotels-remain-target-of-social-engineering-attack/>
<https://www.trendmicro.com/en_us/research/23/i/redline-vidar-first-abuses-ev-certificates.html>
<https://www.infosecurity-magazine.com/news/redline-stealer-malware-scrubcrypt/>
<https://unit42.paloaltonetworks.com/malware-configuration-extraction-techniques-guloader-redline-stealer/>
<https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/>
<https://www.bleepingcomputer.com/news/legal/redline-meta-infostealer-malware-operations-seized-by-police/>
<https://www.justice.gov/usao-wdtx/pr/us-joins-international-action-against-redline-and-meta-infostealers>
<https://www.welivesecurity.com/en/eset-research/life-crooked-redline-analyzing-infamous-infostealers-backend/>

Last change to this tool card: 26 December 2024

Download this tool card in JSON format

Previous: RedLeaves
Next: RedPepper

All groups using tool RedLine

ChangedNameCountryObserved

APT groups

     ↳ Subgroup: Scattered Spider[Unknown]2022-Dec 2024X

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents
Telephone +66 (0)2-123-1227
E-mail [email protected]