Rewterz

Rewterz Threat Alert – Cerberus Banking Trojan – Active IOCs

August 20, 2021
Rewterz

Rewterz Threat Advisory –CVE-2021-23424 – Node.js ansi-html Module Vulnerability

August 20, 2021

Rewterz Threat Alert – Red Line Malware – Active IOCs

Severity

High

Analysis Summary

Redline the data burglar of users’ confidential information from web browsers and by installing malicious software this redline stealer can harm the operating systems. The malware appeared in March 2020 according to the Proofpoint investigation. During the COVID-19 pandemic, redline spread across many countries and it is still active to achieve its purpose by stealing passwords, credit card information, username, location, autofill data, cookies, software set, and even hardware configuration like keyboard layout, UAC settings, etc.

redline stealer process graph

Impact

  • Credential Theft
  • Unauthorized Access

Indicators of Compromise

MD5

  • 52d99923bcf1e26d910533585a5f4128
  • 5413cf86f345eb88ebf8f8cb0ed602d1
  • 8b0f8c97e965175050da42c13c111b7d
  • 5413cf86f345eb88ebf8f8cb0ed602d1
  • 3eda59632a67aa35beb3417be7547010
  • acc4073919ccf1e57b495cd6aec95d0c

SHA-256

  • cbc441dc5fe4205f1e8c40dbd5cfc1bbdc61078ebf1c69619f2c2cd69a7d3b77
  • e454e7bb1ee2580c853cd3ade1a08905683412ffec054097c674190a69fc277b
  • f2c2ae6b9f8945f21f8d232657c6a4d4b66cac8f8a6563f032a56b7565673be7
  • e454e7bb1ee2580c853cd3ade1a08905683412ffec054097c674190a69fc277b
  • 7868847d629d9e4466c428d9864475cdf3f3c39dfd0f92a1b6f89b5f41c0ec16
  • 1b352faa42a25ce6aadee094f61b45cbfe783135b713b3badee956a9a37f8bdb

SHA-1

  • 245b2786016965fdf1feea0d3ed29f9ceae3bed3
  • 5c8b492d13ad6a58f75189d08b4f631670f05157
  • feae2a666f871ff303b2a2527c6f482b62bd9ddd
  • 5c8b492d13ad6a58f75189d08b4f631670f05157
  • 29e27862c577d4f53fd7b7ee4bb1efd782c1e5a1
  • 66132542955e6e645f7922a0db295e3be58d749f

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.