Using the URLhaus dataset, we can also learn that RedLine Stealer abuses several known legitimate file/code sharing and collaboration platforms for its campaigns. Based on URL tags, we can see that this Trojan is also bundled, downloaded or dropped by other malware like Amadey or SmokeLoader. Figure 1 shows the list of URLs from the data related to RedLine Stealer. To gain more insight on how this malware executes its campaign, the Splunk Threat Research Team (STRT) collected 90 days of URL data from URLhaus and used Jupyter Notebooks to analyze the dataset to identify trends of the RedLine URL links. One common initial access technique that this Trojan Stealer uses is a phishing URL link. The operators behind RedLine Stealer use several techniques to gain initial access to their victims. In this blog post, the Splunk Threat Research Team provides a deep dive analysis of this threat and valuable insights to enable blue teamers to defend and detect this malware variant.
#Redline design graphics software#
This malicious software has been in the top malware sample shared for months on anyrun statistics reports as well as in Malware bazaar. Amadey malware is a botnet that is being used now to distribute RedLine malware to steal data such as browser credentials, crypto wallets and even credit card information.
#Redline design graphics download#
Recently this year (May 10, 2023), there was a RedLine campaign found by stormshield that used a malicious chrome extension that will download several malware like Smoke Loader and Amadey Trojan. Many industries received these malicious campaigns, but the most impacted was the Healthcare and manufacturing sectors.
In 2020, there was a RedLine campaign that targeted both enterprise and personal devices. Since it was released, threat actors and adversaries have leveraged RedLine Stealer because of its availability and flexibility for stealing credentials that can cause financial loss and data leakage. It is typically distributed through phishing emails, social engineering tactics, and malicious URL links. RedLine Stealer is a malware strain designed to steal sensitive information from compromised systems.
0 kommentar(er)
