| Field | Value |
|---|---|
| Names | RedLine, RedLine Stealer |
| Category | Malware |
| Type | Backdoor, Info stealer |
| Description | (Cofense) RedLine Stealer, first seen in 2020, is probably the most well-known stealer on this list. It uses Simple Object Access Protocol (SOAP) for communication with its command-and-control center and can use a variety of plugins. It's used to collect information from various installed programs including credentials stored in browsers, email applications, as well as cryptocurrency wallet data. RedLine Stealer is often associated with sophisticated phishing campaigns that, after a successful infection, can deliver additional payloads like ransomware or more advanced malware. |
| Information | <https://cofense.com/blog/luxury-hotels-remain-target-of-social-engineering-attack/> <https://www.trendmicro.com/en_us/research/23/i/redline-vidar-first-abuses-ev-certificates.html> <https://www.infosecurity-magazine.com/news/redline-stealer-malware-scrubcrypt/> <https://unit42.paloaltonetworks.com/malware-configuration-extraction-techniques-guloader-redline-stealer/> <https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/> |
Last change to this tool card: 22 April 2024
| Changed | Name | Country | Observed |
|---|---|---|---|
| | APT groups | | |
| | ↳ Subgroup: Scattered Spider | [Unknown] | 2022-Jul 2024 |

1 group listed (1 APT, 0 other, 0 unknown)