Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs

December 16, 2022

Rewterz Threat Alert – Shuckworm APT Group aka Armageddon – Active IOCs

December 19, 2022

Rewterz Threat Alert – RedLine Stealer – Active IOCs

December 19, 2022

Severity

Medium

Analysis Summary

Redline is an info stealer malware that steals information from web browsers and has the ability to corrupt operating systems by installing harmful software. It steals user information from browsers, instant messaging applications, and file transfer protocol clients. According to the Proofpoint analysis, the malware first appeared in March 2020. Redline expanded throughout several nations during the COVID-19 epidemic and is still active today. Passwords, credit card information, cookies, usernames, locations, autofill data, and even hardware configuration such as keyboard layout, UAC settings can be stolen by RedLine. RedLine is also capable of stealing cryptocurrency. This malware is a live campaign that is aimed at a variety of Asian organizations.

Impact

Data Exfiltration
Credential Theft
Information Theft
Financial Loss

Indicators of Compromise

IP

79.137.195.171

MD5

6e2517a25cf5f5bc77536a14652d0d7b
189845a60f24a6c10f759f71d9207b32

SHA-256

8b1f447246e4a0352dd6cb36279d23b12c9291b86a0a2d2162c5da162cf66e4c
6b955c6b75fd243f374ffffc38466f94889e3a5ccb3947babf4e79e8358db6fe

SHA-1

a2e1efdb7419ed6f97a7f9fdf563e60ec481022a
47ed094eeae6d3dd934f43f6fa35af2d586f3e5f

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks

Multiple Adobe Products Vulnerabilities

Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks

Threat Insights

About Us

Our Leadership

CSR

Connect with Us