Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 25, 2023Severity Medium Analysis Summary GandCrab – a ransomware-as-a-service variant – was discovered in early 2018. At least five versions of GandCrab have been created since its […]March 25, 2023Severity Medium Analysis Summary NjRat is a Remote Access Trojan, which is found leveraging Pastebin to deliver a second-stage payload after initial infection. There are multiple […]March 24, 2023Severity Medium Analysis Summary CVE-2023-20113 Cisco SD-WAN vManage Software is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 25, 2023Severity Medium Analysis Summary GandCrab – a ransomware-as-a-service variant – was discovered in early 2018. At least five versions of GandCrab have been created since its […]March 25, 2023Severity Medium Analysis Summary NjRat is a Remote Access Trojan, which is found leveraging Pastebin to deliver a second-stage payload after initial infection. There are multiple […]March 24, 2023Severity Medium Analysis Summary CVE-2023-20113 Cisco SD-WAN vManage Software is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – DarkCrystal RAT (DCRat) – Active IOCs
February 27, 2023Rewterz Threat Alert – CryptBot Trojan – Active IOCs
February 27, 2023
Severity
High
Analysis Summary
Redline Stealer is a type of malware that is used for stealing sensitive information from victims’ computers. It is designed to be discreet and can run on the background of a computer system without being detected by the user.
Redline Stealer is often spread through phishing emails or malicious downloads, and once it has infected a computer, it can collect a wide range of information, including passwords, credit card details, and other personal information.
The malware has been known to target a variety of applications and software, including web browsers, email clients, and messaging applications. It can also capture screenshots and record keystrokes to collect additional information.
Redline Stealer has been used in several high-profile cyber attacks and is considered a significant threat to computer security. To protect against it, users are advised to keep their software up to date, avoid downloading files from untrusted sources, and use anti-virus software.
Impact
- Data Exfiltration
- Credential Theft
- Information Theft
- Financial Loss
Indicators of Compromise
MD5
- 9c55fb99fe1ebde1826527a1f6c90b34
- 4a0cc0ed48f599b03f33d96658defc63
- 2a9b7362dc42ee7b1ca537426f846381
SHA-256
- d95e87bd76687c3925bc00959d15cf2b8d7f2e8fc78bdd67fd6646063961c149
- d63641a4b97a42631d79734f6fe34058b27e84a33b1a7a6685a031d836a7711b
- 38917fa4594d6540b4e94c419e1401ef02226b3b1fd0dceee02f917f59be4ebc
SHA-1
- 73f16d77574348b0d65b975ee49bde4a20024105
- 6220c5c5bda01ef90e38eb923417475c5ec9fde3
- 2fac7077b3075c66e4def78623f4a19548d2f403
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
- Emails from unknown senders should always be treated with caution.
- Never trust or open ” links and attachments received from unknown sources/senders
- Patch and upgrade any platforms and software timely and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets.