RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload
Tags
cmtmf-attack-pattern: Process Injection
country: Armenia Azerbaijan Belarus Kazakhstan Kyrgyzstan Moldova Tajikistan Uzbekistan Ukraine
attack-pattern: Data Credentials - T1589.001 Hooking - T1617 Malware - T1587.001 Malware - T1588.001 Process Injection - T1631 Python - T1059.006 Hooking - T1179 Process Injection - T1055 Hooking
Show in Graph
Common Information
Type Value
UUID 7cafc8c0-f8fa-4b9a-89a0-906b8485a904
Fingerprint 84240c05e7bf1659
Analysis status DONE
Considered CTI value 1
Text language
Published May 12, 2022, 2:44 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload
Title RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload
Detected Hints/Tags/Attributes 49/3/12
Source URLs
Redirection Url
Details Source https://www.netskope.com/blog/redline-stealer-campaign-using-binance-mystery-box-videos-to-spread-github-hosted-payload
URL Provider
Details Provider Source level domain
Details netskope.com www.netskope.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
binancenft.bot
Details Domain 27 
gen.malware.detect.by
Details File 18 
3.zip
Details File 50 
3.exe
Details File 11 
x86.exe
Details File 367 
readme.txt
Details File 4 
launcherpatcher.exe
Details File 72 
regsvcs.exe
Details File 48 
applaunch.exe
Details File 1 
45.rar
Details File 1 
openbot.rar
Details Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) 20 
DEV-0537