COVID Omicron Variant Lure Used to Distribute RedLine Stealer | FortiGuard LabsĀ 
Tags
attack-pattern: Data Model Botnet - T1583.005 Botnet - T1584.005 Credentials - T1589.001 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Scheduled Task - T1053 Windows Management Instrumentation - T1047
Show in Graph
Common Information
Type Value
UUID d5ebc3f9-d62e-45e9-8bd0-825773f664bd
Fingerprint e5b4b85f0737a703
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 10, 2022, midnight
Added to db Sept. 11, 2022, 12:34 p.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline COVID Omicron Variant Lure Used to Distribute RedLine Stealer
Title COVID Omicron Variant Lure Used to Distribute RedLine Stealer | FortiGuard LabsĀ 
Detected Hints/Tags/Attributes 63/1/43
Source URLs
Redirection Url
Details Source https://www.fortinet.com/blog/threat-research/omicron-variant-lure-used-to-distribute-redline-stealer
URL Provider
Details Provider Source level domain
Details fortinet.com www.fortinet.com
Attributes
Details Type #Events CTI Value
Details Domain 5 
freelancer.com
Details Domain 2 
data-host-coin-8.com
Details Domain 71 
transfer.sh
Details Domain 1 
redline.hu
Details Domain 1 
redline.ht
Details Domain 1 
redline.hm
Details Domain 1 
redline.hr
Details File 1 
stats.exe
Details File 70 
vbc.exe
Details File 1 
chromedrlvers.exe
Details File 96 
wallet.dat
Details File 10 
tokens.txt
Details md5 1 
d8cc092a9e22f3fc55d63aad32150529
Details sha256 1 
15fe4385a2289aaf208f080abb7277332ef8e71edc68902709ab917945a36740
Details sha256 1 
891aba61b8fec4005f25d405ddfec4d445213c77fce1e967ba07f13bcbe0dad5
Details sha256 1 
216a733c391337fa303907a15fa55f01c9aeb128365fb6d6d245f7c7ec774100
Details sha256 1 
73942b1b5a8146090a40fe50a67c7c86c739329506db9ff5adc638ed7bb1654e
Details sha256 1 
2af009cdf12e1f84f161a2d4f2b4f97155eb6ec6230265604edbc8b21afb5f1a
Details sha256 1 
bf31d8b83e50a7af3e2dc746c74b85d64ce28d7c33b95c09cd46b9caa4d53cad
Details sha256 1 
b8ebdc5b1e33b9382433151f62464d3860cf8c8950d2f1a0278ef77679a04d3b
Details sha256 1 
8d7883edc608a3806bc4ca58637e0d06a83f784da4e1804e9c5f24676a532a7e
Details sha256 1 
1b4fcd8497e6003009010a19abaa8981366922be96e93a84e30ca2885476ccd7
Details sha256 1 
fdeadd54dd29fe51b251242795c83c4defcdade23fdb4b589c05939ae42d6900
Details sha256 1 
af4bf44056fc0b8c538e1e677ed1453d1dd884e78e1d66d1d2b83abb79ff1161
Details IPv4 1 
207.32.217.89
Details IPv4 1 
149.154.167.91
Details IPv4 1 
91.219.63.60
Details IPv4 2 
91.243.32.13
Details IPv4 1 
185.112.83.21
Details IPv4 1 
23.88.11.67
Details IPv4 2 
178.20.44.131
Details IPv4 1 
91.243.32.94
Details IPv4 2 
95.143.177.66
Details IPv4 1 
45.147.230.234
Details IPv4 1 
31.42.191.60
Details IPv4 1 
135.181.177.210
Details Url 1 
https://privatlab.com/s/s/nrqoogoykxt3anz2kbro/2f6ceecb-a469-40b5-94a2-2c9cc0bc8445-ewdy5l6raylblsgdgrgjnjvbn
Details Url 1 
https://privatlab.com/s/s/3qa0yrmavaij07z8bqzz/7ca69d4c-c5bb-4ab3-b5a9-87c17b7167b5-86yygegqbqmnoszgm0omggb6g
Details Url 1 
http://data-host-coin-8.com/files/9476_1641477642_2883.exe
Details Url 1 
http://data-host-coin-8.com/files/541_1641407973_7515.exe
Details Url 1 
http://data-host-coin-8.com/files/7871_1641415744_5762.exe
Details Url 1 
https://transfer.sh/get/hafwdg/rednovi.exe
Details Url 1 
http://91.219.63.60/downloads/slot8.exe