Briefing Malware
BLOG CERT SOGETI ESEC

Briefing Malware - 20/06/2022

20 June 2022 - Winners of week 25: RedLine, Emotet and NjRAT.

Some links point to extended actionable intelligence (threat bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 20/06/2022

Distribution: TLP:WHITE

What's new?

Redline (NC)

RedLine Stealer returns in a new campaign

#RedLine Stealer is back with new tricks to target users.

The notable feature of this campaign is the use of the #PureCrypter loader to deploy the infostealer. According to the #Qualys threat research team, the campaign distributing the #RedLine #InfoStealer was active from January to March 2022. The lures were pirated software packaged in #Zip archives, posing as legitimate #cryptocurrency or #NFT wallet applications such as the Gigaland NFT Marketplace and Dinox (an NFT-themed collectible game).

Victims are led to these archives through URL shorteners and fake sites hosted on the #Discord CDN, a recurring abuse pattern because the Discord domain is usually allowed by web filters. Once a victim opens the archive and runs the program inside it, the #PureCrypter downloader executes and in turn deploys #RedLine Stealer.

https://cyware.com/news/redline-stealer-returns-in-a-new-campaign-e5ca20e2
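The delivery chain above (URL shortener, then a page or file on the Discord CDN, then an archive download) leaves a recognisable trace in web-proxy logs. The following is an added example, not code from this briefing, from Qualys or from any tool named here: a small hunt that parses proxy log lines and flags a client that followed a shortener redirect and afterwards fetched an archive from the Discord CDN. The log format, the shortener list, the `media.discordapp.net` host and the sample log lines are all assumptions constructed for the example; adapt them to your own proxy format and allow-list.

```python
# Added example (not the briefing's, Qualys' or any vendor's code): hunt web-proxy
# logs for "URL shortener -> Discord CDN -> archive download" on one client.
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Assumed: a few common public shorteners; not exhaustive.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "cutt.ly", "rebrand.ly", "is.gd"}
# cdn.discordapp.com is the host named in the briefing; media.discordapp.net is
# an assumed second attachment host.
DISCORD_CDN = re.compile(r"^(cdn\.discordapp\.com|media\.discordapp\.net)$", re.I)
ARCHIVE_EXT = (".zip", ".rar", ".7z")

# Assumed proxy log format: "<iso_ts> <client_ip> <method> <url> <status> [<location>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+"
    r"(?P<status>\d{3})(?:\s+(?P<location>\S+))?$"
)

# Constructed sample lines (fake IPs, IDs and file names) for a stand-alone run.
SAMPLE_LOG = """\
2022-03-02T09:14:02Z 10.0.0.7 GET https://bit.ly/3abcde 302 https://cdn.discordapp.com/attachments/111/222/index.html
2022-03-02T09:14:03Z 10.0.0.7 GET https://cdn.discordapp.com/attachments/111/222/index.html 200
2022-03-02T09:14:20Z 10.0.0.7 GET https://cdn.discordapp.com/attachments/111/333/nft_wallet_setup.zip 200
2022-03-02T09:20:11Z 10.0.0.9 GET https://cdn.discordapp.com/attachments/444/555/meme.png 200
2022-03-02T09:21:00Z 10.0.0.9 GET https://example.org/ 200
"""


@dataclass
class Event:
    ts: str
    ip: str
    url: str
    status: int
    location: Optional[str]


def parse_log(text: str) -> List[Event]:
    """Parse the assumed log format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            events.append(Event(m["ts"], m["ip"], m["url"], int(m["status"]), m["location"]))
    return events


def host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def is_cdn_archive(url: str) -> bool:
    return bool(DISCORD_CDN.match(host(url))) and urlparse(url).path.lower().endswith(ARCHIVE_EXT)


def find_chains(events: List[Event]) -> List[dict]:
    """One finding per client IP that hit a shortener redirect (3xx) and later
    downloaded an archive from the Discord CDN. ISO timestamps sort as strings."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_ip[e.ip].append(e)
    findings = []
    for ip, evs in by_ip.items():
        short = next((e for e in evs if host(e.url) in SHORTENERS and 300 <= e.status < 400), None)
        if short is None:
            continue
        archive = next((e for e in evs if e.ts > short.ts and is_cdn_archive(e.url)), None)
        if archive is None:
            continue
        findings.append({
            "ip": ip,
            "shortener": short.url,
            "redirect_to": short.location,
            # True when the shortener itself resolved straight to the Discord CDN.
            "direct_hop": bool(short.location and DISCORD_CDN.match(host(short.location))),
            "archive": archive.url,
        })
    return findings


def run_example() -> List[dict]:
    return find_chains(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for f in run_example():
        print(f)
```

The archive download alone is too noisy to alert on (Discord users legitimately exchange zips); requiring the preceding shortener hop on the same client is what makes the hit worth a look, and the `direct_hop` flag separates the shortener-straight-to-CDN case from a redirect through an intermediate fake site.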

