BLOG CERT SOGETI ESEC

Briefing Malware - 15/02/2022

15th of February 2022 - Winners of the 7th week: Emotet, Redline and NjRAT.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 15/02/2022

Distribution: TLP: WHITE

What's new?

Redline (NC)

Attackers Disguise RedLine Stealer as a Windows 11 Upgrade

The #HP Threat Research team discovered a new campaign exploiting the release of #Microsoft's latest operating system, Windows 11.

After #Microsoft announced on January 27th that it had entered the final phase of the Windows 11 upgrade rollout, a suspicious domain, windows-upgraded[.]com, appeared that mimicked a typical Microsoft website. Anyone could download from it a ZIP file, Windows11InstallationAssistant.zip, which claimed to install the new system but instead delivered the information stealer #Redline.
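As an added example (not part of the original briefing or of HP's research), the following Python script refangs the two indicators above and hunts for them in web-proxy logs. The log format and the log lines are constructed for the example; the only real indicators are the domain and filename quoted on this page.

```python
from urllib.parse import urlparse

# Indicators quoted in the briefing, in the defanged form used in the text.
DEFANGED_IOCS = {
    "domain": "windows-upgraded[.]com",
    "filename": "Windows11InstallationAssistant.zip",
}

# Constructed sample proxy log (not real traffic), one request per line:
# "<timestamp> <client_ip> <method> <url> <status> <bytes>"
SAMPLE_PROXY_LOG = """\
2022-02-01T09:12:03Z 10.0.4.21 GET https://www.microsoft.com/en-us/windows/windows-11 200 51234
2022-02-01T09:13:41Z 10.0.4.21 GET https://windows-upgraded.com/ 200 8123
2022-02-01T09:13:58Z 10.0.4.21 GET https://windows-upgraded.com/Windows11InstallationAssistant.zip 200 1563440
2022-02-01T09:20:10Z 10.0.7.5 GET https://cdn.example.org/Windows11InstallationAssistant.zip 200 1563440
2022-02-01T10:02:22Z 10.0.9.9 GET https://update.microsoft.com/ 200 2048
"""


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into a searchable string."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


def hunt(log_text: str, iocs: dict = DEFANGED_IOCS) -> list:
    """Return one record per log line that touches the malicious domain
    (or a subdomain of it) or downloads a file with the lure filename.

    'matched' lists which indicators fired: a 'domain' hit is high
    confidence, a 'filename'-only hit needs triage because the name
    alone is not unique to this campaign.
    """
    domain = refang(iocs["domain"]).lower()
    filename = iocs["filename"].lower()
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line, skip rather than crash the hunt
        ts, client, _method, url = parts[:4]
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        path = parsed.path.lower()
        matched = []
        if host == domain or host.endswith("." + domain):
            matched.append("domain")
        if path.endswith("/" + filename):
            matched.append("filename")
        if matched:
            hits.append({"timestamp": ts, "client": client, "url": url, "matched": matched})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_PROXY_LOG):
        print(hit["timestamp"], hit["client"], ",".join(hit["matched"]), hit["url"])
```

Against the constructed log the script flags three requests: two from 10.0.4.21 to the lure domain (the second also carrying the ZIP) and one filename-only download from an unrelated host, which an analyst would verify by hash before treating as a Redline infection.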

This opportunistic campaign resembles one from December 2021 in which a phishing website impersonating the social network #Discord also delivered Redline.

#Redline is an information stealer sold under a Malware-as-a-Service model (#MaaS) and active since at least 2020. It steals #credentials, #browser history and #credit card information, takes desktop #screenshots and logs #keystrokes. Redline also lets the operator execute commands on the victim's machine and upload or download files.


https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/


Download the report