RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware
Common Information
Type Value
UUID 312f0192-3002-4efc-a579-1fc508954350
Fingerprint a46723b9077fb60d
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 13, 2023, midnight
Added to db Nov. 19, 2023, 12:12 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware
Title RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware
Detected Hints/Tags/Attributes 64/2/31
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_us/research/23/i/redline-vidar-first-abuses-ev-certificates.html
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 119 Trend Micro Research, News and Perspectives https://feeds.feedburner.com/TrendMicroSimplySecurity 2024-08-30 22:08
Attributes