Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 1f9fbe19-2304-418d-9b4e-a7881fceeb30 |
| Fingerprint | c64c28d085b786cf |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 2, 2023, midnight |
| Added to db | Oct. 15, 2024, 3:34 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer |
| Title | Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer |
| Detected Hints/Tags/Attributes | 59/2/46 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 87 | booking.com |
|
| Details | Domain | 2 | christian-robinson-route.zip |
|
| Details | File | 173 | outlook.exe |
|
| Details | File | 2 | christian-robinson-route.zip |
|
| Details | File | 3 | christian-robinson-route.jpg |
|
| Details | File | 38 | 7.exe |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 3 | ferriteswarmed.exe |
|
| Details | File | 40 | aspnet_compiler.exe |
|
| Details | File | 2 | booking-id669392.jpg |
|
| Details | File | 2 | booking-maps-id785392.exe |
|
| Details | File | 73 | trojan.msi |
|
| Details | File | 2 | booking-maps-id938192.exe |
|
| Details | File | 2 | booking-maps-id9382194.jpg |
|
| Details | File | 2 | christia-robinson-route.jpg |
|
| Details | File | 3 | contract.pdf |
|
| Details | File | 18 | trojanspy.msi |
|
| Details | File | 2 | googlemaps.exe |
|
| Details | File | 2 | googlephoto-milanazinowiewa.jpg |
|
| Details | File | 2 | id328493942-booking_info.jpg |
|
| Details | File | 2 | redline.dcr |
|
| Details | File | 2 | id695838211-booking-confirmation.exe |
|
| Details | File | 2 | maps-google-adolv.jpg |
|
| Details | File | 2 | michael-martinez-photo-route.jpg |
|
| Details | File | 2 | photo-my-and-wife-passport.exe |
|
| Details | File | 2 | route-map.png |
|
| Details | File | 16 | 2023.pdf |
|
| Details | sha256 | 2 | bf803adb5695fce143062e6f51980d46537167b7a9e0e85ad13a999e35bd0466 |
|
| Details | sha256 | 2 | 6c5a4a8b7554000d5ab5221c43f25f093ba6a37c6b2511335e002f333c5af6c4 |
|
| Details | sha256 | 2 | 9bacf20a00f73124039c4476d600e70293ae60d1d1d28290a63000b510f313f0 |
|
| Details | sha256 | 2 | 62e7d750df3bb49f9535e8b4ba91d5ba8f5c655a0027643b52a3d9ffb0b64208 |
|
| Details | sha256 | 2 | af23af4d4b3ba82c76a50bb631b4aca8d98e9a1560000d5c6fce39977cb9d362 |
|
| Details | sha256 | 2 | 84910fcdcb2edb3feeb3307bee0e6b33fc91caf8de344a3be71452b04b4595f0 |
|
| Details | sha256 | 2 | 6cbe9be190f521408438262d0c7f2ccbfab32a6df558cec2a264285fdfffe5c2 |
|
| Details | sha256 | 1 | 53af2c266c7f18e7c1ab16460d3c09d773fe93ac0a840fa83a30cc1020d1019a |
|
| Details | sha256 | 2 | 4f1c1565afc782e688945c07a486205c59d43a98ae577c5d065bfed9a47a983d |
|
| Details | sha256 | 2 | b5d8caa15cbf53d002edc6194abd0de43e4a139cc04f9703ae7bfc397bca66c8 |
|
| Details | sha256 | 2 | 43328f774db70b98c4cbe83cc3be18de20a29b073b483eec49c64c6c301e4079 |
|
| Details | sha256 | 2 | 1b5f1e505e57b9915418f251f9c2343302f0737bdd85126666db56a27f0142f2 |
|
| Details | sha256 | 2 | b83e50fa2c5c54e027f3bfe859e2a69e883bbb0080fed20aca176f77ad120fa1 |
|
| Details | IPv4 | 3 | 45.93.201.62 |
|
| Details | IPv4 | 6 | 45.93.201.114 |
|
| Details | IPv4 | 2 | 77.73.134.13 |
|
| Details | Url | 3 | http://45.93.201.62/docs |
|
| Details | Url | 2 | http://45.93.201.114/docs/fzljerifqjwftnjbrlnjpnrfnupnyg.txt |
|
| Details | Url | 2 | http://45.93.201.114/docs/. |