Briefing Malware
BLOG CERT SOGETI ESEC

Briefing Malware - 19/10/2021

19th of October 2021 - Winners of the 42nd week: RedLine, FormBook and NjRAT.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 19/10/2021

Distribution: TLP:WHITE

What's new?

Redline(NC)

Shining a Light on RedLine Stealer Malware

#Insikt Group released a report about the #RedLine stealer malware. Advertised on various forums and on #Telegram by the actor #REDGlade since February 2020, this #information stealer has been widely offered as Malware-as-a-Service (#MaaS) with various optional functions and different subscription lengths. It was first promoted on "Best Hack Forum" (#BHF); its activity increased in March 2021 and has remained constant since then. In June, a post on the #Exploit forum titled "#Raccoon vs #Redline vs #Smoke", in which cybercriminals discussed the pros and cons of information stealers, stated that RedLine has interesting functions such as the crypt service #Spectrum Crypt Service. The malware was praised by some actors who were ready to pay for a lifetime license or for its source code. The RedLine service includes theft of #credentials and data from all #Chromium and #Mozilla Gecko based web browsers, a custom file grabber, #system information collection, and a user-friendly configuration panel. As with much mainstream software, a cracked version was posted on the #XSS Forum in August 2021 by the user @alfi1331.


https://www.recordedfuture.com/shining-light-on-redline-stealer-malware/
