Redline

Malware updated 14 days ago (2024-10-03T23:01:21.088Z)
RedLine is a type of malware, malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, RedLine can steal personal information, disrupt operations, or deliver further malware such as ransomware. The malware has historically been favored by threat actors selling logs through 2easy, although other infostealers such as Raccoon, Vidar, and AZORult are also sold on that marketplace. Notably, during the configuration process of RedLine, an additional RedLine sample may be embedded in the dotRunpeX injector even when that was not intended. RedLine, along with other malware such as Anubis, SpiderMan, Oski Stealer, and Loki Stealer, has a prominent presence on Telegram; however, users expecting to receive these tools often end up downloading malicious payloads such as Lumma and RedLine instead, which can in turn deliver more harmful software, including ransomware. Cybercriminal groups such as FIN7 have been known to use RedLine for credential stealing, alongside Lumma Stealer and the NetSupport remote access Trojan. The malware has been distributed widely, often hidden behind legitimate-seeming entities: attackers have concealed RedLine behind Facebook ads for ChatGPT and Google Bard, and initial access brokers (IABs) have planted it together with other malware such as DarkGate, Qakbot, or Raccoon. Moreover, the AhnLab Security Intelligence Center (ASEC) has reported cases where cybercriminals hijack popular YouTube channels to distribute malware such as RedLine, including one case where a YouTube video offered a cracked version of Adobe After Effects but instead delivered RedLine.
Description last updated: 2024-10-03T22:15:51.700Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
Alias Description | Votes
Redline Stealer is a possible alias for Redline. RedLine Stealer is a type of malware, or malicious software, that infiltrates computer systems with the intent to exploit and cause damage. It typically gains access through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside the system, it can steal personal i | 11
Azorult is a possible alias for Redline. Azorult is a type of malware, or malicious software, that infiltrates systems to exploit and damage them, often without the user's knowledge. It has historically been one of the favored infostealers sold on the marketplace 2easy, alongside RedLine, Raccoon, Vidar, and Taurus. However, as of late Feb | 5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Ransomware
Infostealer
Phishing
Windows
Loader
Credentials
Payload
Exploit
Trojan
Youtube
Telegram
Bot
Cybercrime
Midjourney
Maas
Scams
Infostealer ...
Fraud
Injector
Downloader
16shop
Resecurity
Espionage
Rat
Cobalt Strike
Infostealers
Tool
Exploit Kit
Antivirus
Github
Facebook
Acrobat
Vpn
Discord
Malvertising
Macos
Associated Malware
Alias Description | Association Type | Votes
The Vidar Malware is associated with Redline. Vidar is a malicious software (malware) that operates as an infostealer, primarily targeting Windows-based systems. It's written in C++ and is based on the Arkei stealer. Vidar is part of a broader landscape of malware threats such as Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, | Unspecified | 12
The Raccoon Malware is associated with Redline. Raccoon is a malicious software (malware) developed by Russian-speaking coders, first spotted in April 2019. It was designed to steal sensitive data such as credit card information, email credentials, cryptocurrency wallets, and more from its victims. The malware is offered as a service (MaaS) for $ | Unspecified | 8
The Agenttesla Malware is associated with Redline. AgentTesla is a well-known remote access trojan (RAT) that has been used extensively in cybercrime operations. It infiltrates systems through various methods, including malicious emails and suspicious downloads. Once inside, it can steal personal information, disrupt operations, or hold data hostage | Unspecified | 5
The Batloader Malware is associated with Redline. Batloader is a malware downloader posing as installers or updates for legitimate applications such as Microsoft Teams, Zoom, and others. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal | Unspecified | 5
The Lumma Stealer Malware is associated with Redline. Lumma Stealer is a highly sophisticated malware variant known for its extensive data-harvesting capabilities. It is designed to steal sensitive information such as passwords, card details, cryptocurrency wallets, and browser session cookies from infected devices. Lumma Stealer employs a DLL side-loa | Unspecified | 4
The QakBot Malware is associated with Redline. Qakbot is a potent piece of malware, or malicious software, that infiltrates computer systems through suspicious downloads, emails, or websites. Once installed, it can steal personal information, disrupt operations, or even hold data hostage for ransom. This malware, built by various groups includin | Unspecified | 4
The Amadey Malware is associated with Redline. Amadey is a form of malware, a malicious software designed to exploit and damage computer systems. This particular malware is distributed via the Amadey loader, which can be disseminated through phishing emails or downloads from compromised sites. It has been observed that the individual behind the | Unspecified | 4
The NanoCore Malware is associated with Redline. NanoCore is a notorious Remote Access Trojan (RAT) first discovered in 2013. It targets Windows operating system users and operates by opening a backdoor on an infected computer to steal information. NanoCore has maintained a top five position for six consecutive months, taking the third spot in Dec | Unspecified | 4
The Risepro Malware is associated with Redline. RisePro is a type of malware, specifically an info-stealer, designed to infiltrate and damage computer systems. It operates by exploiting vulnerabilities in a device, often through suspicious downloads, emails, or websites, typically without the user's knowledge. Once inside, RisePro can disrupt ope | Unspecified | 4
The Lumma Malware is associated with Redline. Lumma is a sophisticated and stealthy malware, known for its extensive ability to harvest sensitive data from infected devices. It is primarily designed to steal passwords, card details, cryptocurrency wallets, and browser session cookies. The malware has evolved with new anti-sandbox methods, makin | Unspecified | 4
The Mars Malware is associated with Redline. Mars is a malicious software (malware) that has been discovered by the Trend Micro Mobile Application Reputation Service (MARS) team. This malware, related to other known threats like Vidar and Redline, has been involved in cryptocurrency-mining and financially-motivated scam campaigns targeting And | Unspecified | 3
The Lummac2 Malware is associated with Redline. LummaC2 is a dynamic malware strain, first identified in Russian-speaking forums in 2022. It's written in C and distributed as Malware-as-a-Service (MaaS). The malware has been actively exploiting PowerShell commands to infiltrate systems and exfiltrate sensitive data. In 2023, LummaC2's use expande | Unspecified | 3
The Darkgate Malware is associated with Redline. DarkGate is a multifunctional malware known for its capabilities in information and credential stealing, cryptocurrency theft, and ransomware delivery. A recent campaign has seen it exploit a zero-day vulnerability in Microsoft Windows, allowing it to infiltrate systems undetected. DarkGate can be d | Unspecified | 3
The njRAT Malware is associated with Redline. NjRAT is a remote-access Trojan (RAT) that has been in use since 2013, often deployed in both criminal and targeted attacks. This malware can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, NjRAT can steal personal information, d | Unspecified | 2
The Lockbit Malware is associated with Redline. LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operat | Unspecified | 2
The Scrubcrypt Malware is associated with Redline. ScrubCrypt is a sophisticated malware that has been used as a delivery mechanism for other malicious software, notably VenomRAT. The malware operates by exploiting systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside the system, ScrubCrypt can disrupt | Unspecified | 2
The Xworm Malware is associated with Redline. XWorm is a sophisticated piece of malware designed to infiltrate and exploit computer systems, often without the user's knowledge. It can be delivered through various means such as suspicious downloads, emails, or websites, and once inside a system, it can steal personal information, disrupt operati | Unspecified | 2
The Stealc Malware is associated with Redline. StealC is a pernicious malware that specifically targets browser extensions and authenticators by password managers. It came to the forefront following a significant attack on the Solana blockchain in 2023, which resulted in a $7 million heist due to a related malware called Luca Stealer. The StealC | Unspecified | 2
The Agent Tesla Malware is associated with Redline. Agent Tesla is a well-known malware that primarily targets systems through phishing attacks, exploiting an outdated Microsoft Office vulnerability (CVE-2017-11882). This malicious software is designed to infiltrate computer systems, often without the user's knowledge, and can steal personal informat | Unspecified | 2
The Formbook Malware is associated with Redline. Formbook is a type of malware, malicious software designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Formbook has been linked with other forms o | Unspecified | 2
The NETWIRE Malware is associated with Redline. NetWire is a type of malware, specifically a remote access trojan (RAT), that has been utilized for various malicious activities since at least 2014. Initially promoted as a legitimate tool for managing Windows computers remotely, NetWire was quickly adopted by cybercriminals and used in phishing at | Unspecified | 2
The Rhadamanthys Malware is associated with Redline. Rhadamanthys is a sophisticated malware that has been used by the threat actor TA547 to target German organizations. This malicious software, designed to exploit and damage computer systems, infiltrates devices through suspicious downloads, emails, or websites, often unbeknownst to the user. Once em | Unspecified | 2
The Raccoon Stealer Malware is associated with Redline. Raccoon Stealer, a malware-as-a-service (MaaS) operation, emerged in 2019, designed by Russian-speaking developers to steal victims' sensitive data such as credit card information, email credentials, and cryptocurrency wallets. The malware was initially promoted exclusively on Russian-speaking hacki | Unspecified | 2
The Lobshot Malware is associated with Redline. Lobshot is a stealthy remote access malware that has been used by cybercriminals, notably Russian threat actors, in various malicious campaigns. It was featured alongside other well-known malware samples like DarkGate infostealer, Ducktail, and Redline in deceptive campaigns where it was embedded in | Unspecified | 2
The malware Avemaria/warzonerat is associated with Redline. | Unspecified | 2
The Ducktail Malware is associated with Redline. "Ducktail" is a malicious software (malware) first observed in 2022, specifically designed to target Facebook business accounts. The malware was discovered by Zscaler, a leading cybersecurity firm, and it's suspected to originate from threat actors based in Vietnam. Ducktail not only infiltrates sys | Unspecified | 2
The Lokibot Malware is associated with Redline. LokiBot is a malicious software, or malware, that was first reported on October 24, 2020. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, LokiBot steals personal information | Unspecified | 2
The Dotrunpex Malware is associated with Redline. DotRunpeX is a rapidly evolving and highly stealthy .NET injector malware that has gained significant attention from both security analysts and threat actors. It employs the "Process Hollowing" method to distribute a wide variety of other malware strains, including AgentTesla, ArrowRAT, AsyncRat, Av | Unspecified | 2
Associated Threat Actors
Alias Description | Association Type | Votes
The Lapsus Group Threat Actor is associated with Redline. The Lapsus Group, identified as a threat actor originating from North Korea, has been involved in various cybercriminal activities, primarily focusing on cryptocurrency theft. This group is known for its use of sophisticated tools such as RedLine and QakBot, which have been instrumental in their ope | Unspecified | 2
Source Document References
Information about the Redline malware was read from the document corpus below. This display is limited to 20 results.
Preview | Source Link | Created At | Title
DARKReading | 14 days ago
BankInfoSecurity | 14 days ago
DARKReading | a month ago
Recorded Future | a month ago
SANS ISC | 2 months ago
Checkpoint | 3 months ago
Checkpoint | 3 months ago
ESET | 3 months ago
DARKReading | 4 months ago
Checkpoint | 4 months ago
DARKReading | 5 months ago
Securityaffairs | 5 months ago
DARKReading | 5 months ago
CERT-EU | 7 months ago
InfoSecurity-magazine | 7 months ago
CERT-EU | 7 months ago
InfoSecurity-magazine | 2 years ago
CERT-EU | 7 months ago
CERT-EU | 7 months ago
BankInfoSecurity | 8 months ago