March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – NJRAT – Active IOCs
September 20, 2021Rewterz Threat Advisory – ICS : Schneider Electric EcoStruxure and SCADAPack
September 20, 2021Rewterz Threat Alert – NJRAT – Active IOCs
September 20, 2021Rewterz Threat Advisory – ICS : Schneider Electric EcoStruxure and SCADAPack
September 20, 2021
Severity
High
Analysis Summary
Redline the data burglar of users’ confidential information from web browsers and by installing malicious software this redline stealer can harm the operating systems. The malware appeared in March 2020 according to the Proofpoint investigation. During the COVID-19 pandemic, redline spread across many countries and it is still active to achieve its purpose by stealing passwords, credit card information, username, location, autofill data, cookies, software set, and even hardware configuration like keyboard layout, UAC settings, etc.
Impact
- Credential Theft
- Unauthorized Access
Indicators of Compromise
Filename
- Exodus[.]exe
- bad_boost[.]exe
- FIVEM INJECT[.]sample
MD5
- eac3c0a66a673e078f98098fef17dd2c
- 4b362819a901340526ba9a94771fb73d
- df00f3ea8d957274eaef641a5efbee21
SHA-256
- 120b2be1abc960719b7d37b225d7944b98ededa72a7270a0b683967a37c99e7a
- 00706aeb7422cf62dbcf72342b913d32e85a68d025629d9ea464162ece67bcc2
- 4e1ad22aae029411a7428fe62522e2b393a09fe3b10fbc3f916d41fd0b532dae
SHA-1
- 40135448dffb82708e83c7e7fb2d522345cc9823
- 8cd188afe7a8ceced6bcc93e7e8b524dfd7ed15f
- a2d0736dc7ce9cb617c328b194a220259c52bd98
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.