Tracing the Footprints of RedLine Stealer IoCs | WhoisXML API

Threat Reports

RedLine Stealer: IoC Analysis and Expansion

For US$100, threat actors can use RedLine Stealer to steal sensitive information, including saved credentials, bank details, and system data.

A CloudSEK technical analysis1 of the threat inspired us to investigate over 900 publicly available RedLine Stealer IoCs. Our key findings include:

  • 1,700+ artifacts connected to the threat IoCs through shared WHOIS details and string usage
  • 700+ connected properties resolving to the IP addresses tagged as IoCs
  • 92% of the IoCs still resolved to IP addresses
  • Some artifacts targeting banks, a decentralized financial (De-Fi) platform, and a courier were malicious

Get access to our findings and uncover more on your own. Download the report now.

  • [1]
Try our WhoisXML API for free
Get started