RedLine Analysis
IOB - Indicator of Behavior (1000)
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Activities
Interest
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Vulnerabilities
IOC - Indicator of Compromise (276)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (26)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (386)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | .htaccess | predictive | Medium |
2 | File | /.env | predictive | Low |
3 | File | /.ssh/authorized_keys | predictive | High |
4 | File | //proc/kcore | predictive | Medium |
5 | File | /?Key=PhoneRequestAuthorization | predictive | High |
6 | File | /admin.php/Admin/adminadd.html | predictive | High |
7 | File | /admin/access | predictive | High |
8 | File | /Admin/add-student.php | predictive | High |
9 | File | /admin/dl_sendmail.php | predictive | High |
10 | File | /admin/index.html | predictive | High |
11 | File | /admin/settings/save.php | predictive | High |
12 | File | /api/v2/cli/commands | predictive | High |
13 | File | /apply.cgi | predictive | Medium |
14 | File | /bin/login | predictive | Medium |
15 | File | /catalog/admin/categories.php?cPath=&action=new_product | predictive | High |
16 | File | /category.php | predictive | High |
17 | File | /cgi-bin/delete_CA | predictive | High |
18 | File | /Config/SaveUploadedHotspotLogoFile | predictive | High |
19 | File | /download | predictive | Medium |
20 | File | /etc/gsissh/sshd_config | predictive | High |
21 | File | /get_getnetworkconf.cgi | predictive | High |
22 | File | /goform/addUserName | predictive | High |
23 | File | /goform/delAd | predictive | High |
24 | File | /goform/wifiSSIDset | predictive | High |
25 | File | /gpac/src/bifs/unquantize.c | predictive | High |
26 | File | /GponForm/device_Form?script/ | predictive | High |
27 | File | /home | predictive | Low |
28 | File | /includes/rrdtool.inc.php | predictive | High |
29 | File | /index.asp | predictive | Medium |
30 | File | /index.php | predictive | Medium |
31 | File | /jfinal_cms/system/role/list | predictive | High |
32 | File | /Main_AdmStatus_Content.asp | predictive | High |
33 | File | /members/view_member.php | predictive | High |
34 | File | /NAGErrors | predictive | Medium |
35 | File | /owa/auth/logon.aspx | predictive | High |
36 | File | /php-sms/admin/quotes/manage_remark.php | predictive | High |
37 | File | /plain | predictive | Low |
38 | File | /public | predictive | Low |
39 | File | /secure/QueryComponent!Default.jspa | predictive | High |
40 | File | /sgms/TreeControl | predictive | High |
41 | File | /spip.php | predictive | Medium |
42 | File | /SSOPOST/metaAlias/%realm%/idpv2 | predictive | High |
43 | File | /tmp | predictive | Low |
44 | File | /uncpath/ | predictive | Medium |
45 | File | /updown/upload.cgi | predictive | High |
46 | File | /var/log/nginx | predictive | High |
47 | File | /xxxxxx/xxxx.xxx | predictive | High |
48 | File | /xx/xxxxx.xxx | predictive | High |
49 | File | xxxxxxx.xxx | predictive | Medium |
50 | File | xxx.xxx | predictive | Low |
51 | File | xxxxxxxx.xxx | predictive | Medium |
52 | File | xxxxxxxx.xxx | predictive | Medium |
53 | File | xxx_xxxxxxx.xxx | predictive | High |
54 | File | xxx_xxxxxxx.xxx | predictive | High |
55 | File | xxxxx.xxxxxxxxx.xxx | predictive | High |
56 | File | xxxxx.xxx/xxxxxxxx/xxxxxxxx/ | predictive | High |
57 | File | xxxxx.xxx/xxxx/xxx/xxxxx/ | predictive | High |
58 | File | xxxxx.xxx?x=x_xxxxxxxxx&x=xxx&xxx=x | predictive | High |
59 | File | xxxxx.xxx?x=xxxxxx&x=xxxxxxxxxxxx | predictive | High |
60 | File | xxxxx/?/xxxxxx/xxxx/x | predictive | High |
61 | File | xxxxx/?/xxxx/xxxx/x | predictive | High |
62 | File | xxxxx/?/xxxxxx/xxxx_xxxxxxx | predictive | High |
63 | File | xxxxx/?/xxxxxxx/xxxx/x | predictive | High |
64 | File | xxxxx/xxxxx.xxxxxxxxx.xxx | predictive | High |
65 | File | xxxxx/xxxxxxx.xxx | predictive | High |
66 | File | xxxxx/xxxxx.xxx?x=xxxxxxxx&x=xxxxx&x=xxxxxxxx&xxxxxx=<?xxx | predictive | High |
67 | File | xxxxx/xxxx.xxxxxxx.xxx | predictive | High |
68 | File | xxxxx/xxxx.xxxx.xxx | predictive | High |
69 | File | xxxxx/xxxxx/xxx | predictive | High |
70 | File | xxxxx/xxxxx/xxx/xxx | predictive | High |
71 | File | xxxxx\xxxxxxxxxx\xxxxxxxxxx.xxx | predictive | High |
72 | File | xxx_xxx.xxx | predictive | Medium |
73 | File | xxxxxxxxxxx/xxxxxxx/xxxxx/xxxxx/xxxxxxxxx/xxxxxxxx.xxx | predictive | High |
74 | File | xxxxxxxx.xxx | predictive | Medium |
75 | File | xxxxx/xxx_xxxx.x | predictive | High |
76 | File | xxxx/xx_xxx.xxx | predictive | High |
77 | File | xxxx/xxxx_xxx.xxx | predictive | High |
78 | File | xxxxxxx.xx | predictive | Medium |
79 | File | x/xxxxxx/xxxxx.xxx | predictive | High |
80 | File | xxxxxxx-xxx.x | predictive | High |
81 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | High |
82 | File | xxx/xxx.xxx | predictive | Medium |
83 | File | xxxx.xxx | predictive | Medium |
84 | File | xxxxxxx/xxxxxxx/xxxxxxx.xxxx?xxxx | predictive | High |
85 | File | xxx_xxxxxxxx.xxx | predictive | High |
86 | File | xxxxxxxxxxx/xxxxxxxxxxx.x | predictive | High |
87 | File | xxxxxxxx.xxx | predictive | Medium |
88 | File | xx_xxxxxxxxx.xx | predictive | High |
89 | File | xx_xxxxx.x | predictive | Medium |
90 | File | xxxxx.xxxxxxxxx.xxx | predictive | High |
91 | File | xxxxxx/xxxxxxxxxxxx.xxx | predictive | High |
92 | File | xxx/xxxxxx/xx/xxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
93 | File | xxxxxxxxxxxx.xxx | predictive | High |
94 | File | xxxxxxxxxx/xxxxxxxx.xxx | predictive | High |
95 | File | xxxx/xxxxxxxx.x | predictive | High |
96 | File | xxxx/xxxxxxx.xxx | predictive | High |
97 | File | xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxxxxxxx.xxx | predictive | High |
98 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
99 | File | xx.x/xxxxxxxx.x | predictive | High |
100 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High |
101 | File | xxxxxxxx-xxx.xxx | predictive | High |
102 | File | x-xxxxx_xxxx.xx | predictive | High |
103 | File | xxxx-xxxxxx.xxx | predictive | High |
104 | File | xxxxx_xxxxxxxx.x | predictive | High |
105 | File | xxxxx.xxx | predictive | Medium |
106 | File | xxxx.xxxx | predictive | Medium |
107 | File | xxx/xxxxxxxx/xxx_xxxxxxx.x | predictive | High |
108 | File | xxx/xxxx/xxxx.x | predictive | High |
109 | File | xxxxx/xxx_xxx_xxxxxx_xxxx.xx | predictive | High |
110 | File | xxxxx/xxxxxx.xxx | predictive | High |
111 | File | xxxxxx_xxxx.xxx | predictive | High |
112 | File | xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx | predictive | High |
113 | File | xxxxxx.xxx | predictive | Medium |
114 | File | xx/xxxx.x | predictive | Medium |
115 | File | xxxxxxxx.xxx | predictive | Medium |
116 | File | xx.xxx | predictive | Low |
117 | File | xx.xxx | predictive | Low |
118 | File | xxxxxxx.xxxx | predictive | Medium |
119 | File | xxxx.xxx | predictive | Medium |
120 | File | xxxxxxxx/xxxx_xxxx | predictive | High |
121 | File | xxxxxxxxx.xxx | predictive | High |
122 | File | xxxxxxxxx.xxx | predictive | High |
123 | File | xxxxxxxxx.xx | predictive | Medium |
124 | File | xxxxxxxxxxxx.xxx | predictive | High |
125 | File | xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx | predictive | High |
126 | File | xxxx.x | predictive | Low |
127 | File | xxxxx.xxxx | predictive | Medium |
128 | File | xxxx_xxxx.x | predictive | Medium |
129 | File | xxxxxx/ | predictive | Low |
130 | File | xxx/xxxxxx.xxx | predictive | High |
131 | File | xxxxxxx/xxxxxxxxx_xxxxxxxx.xxx.xxx | predictive | High |
132 | File | xxxxxxxx/xxxxx.xxx.xxx | predictive | High |
133 | File | xxxxxxxx/xxxxxxx/xxxxxxx.xxxx.xxx | predictive | High |
134 | File | xxxxx.xxx | predictive | Medium |
135 | File | xxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxx | predictive | High |
136 | File | xxxxx.xxx?xxx=xxxxx | predictive | High |
137 | File | xxxxx.xxx?x=xxxxx&x=xxxx&x=xxx_xxxx | predictive | High |
138 | File | xxxxx.xxx?x=xxx&x=xxxxx&x=xxxxx | predictive | High |
139 | File | xxxxxxx.xxx | predictive | Medium |
140 | File | xxxxxxx/xxxxxx-xxxxx.xxx | predictive | High |
141 | File | xxxxxxx/xxxxxxx.xxx | predictive | High |
142 | File | xxxxxxxx/xx/xxxx.xx | predictive | High |
143 | File | xxxxxx/xxxx_xxxxx.x | predictive | High |
144 | File | xxxxxxxxx/xxxxxx.xxx.xxx | predictive | High |
145 | File | xxxxxxx/xxxxx/xx/xxxxxx/xxxxx.xxxxx.xxx | predictive | High |
146 | File | xxxxxxx/xxx_xxxxxxxx.x | predictive | High |
147 | File | xxxxxxxx.xxx | predictive | Medium |
148 | File | xxxxx.xxx | predictive | Medium |
149 | File | xxxx.x | predictive | Low |
150 | File | xxxxxx.xxx | predictive | Medium |
151 | File | xxxxxxx-xx/xxxxxx/xxx.xx | predictive | High |
152 | File | xx_xxxx.x | predictive | Medium |
153 | File | xxxxxxxxxxxxxxx_xxxxxxxx.xxx | predictive | High |
154 | File | xxx/xxxx/xxxx_xxxxxxxxx.x | predictive | High |
155 | File | xxx/xxxxx | predictive | Medium |
156 | File | xxx/xxxx/xxxx_xxxx.x | predictive | High |
157 | File | xxxxxxxx.xxx | predictive | Medium |
158 | File | xxx_xxxx.xxx | predictive | Medium |
159 | File | xxxxxx/xxxxxxxx.x | predictive | High |
160 | File | xxxxxxx.xxx | predictive | Medium |
161 | File | xxx_xxxxxxxxx.x | predictive | High |
162 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive | High |
163 | File | xxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxx | predictive | High |
164 | File | xxxxxx/xxxxx_xxxxxxxx/xxxxxxx.xxxx | predictive | High |
165 | File | xxxxx/xxxxxxxxxx.xxx | predictive | High |
166 | File | xxxxxxxx.xx | predictive | Medium |
167 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High |
168 | File | x_xx_xxx.xxx | predictive | Medium |
169 | File | xxxxx.x | predictive | Low |
170 | File | xxxx.xxx | predictive | Medium |
171 | File | xxxxxxx.x | predictive | Medium |
172 | File | xxxxxxxxxx.xxx | predictive | High |
173 | File | xxxxxxx.xx | predictive | Medium |
174 | File | xxxxxxxx-x.xx | predictive | High |
175 | File | xxxxxxxx.xxx | predictive | Medium |
176 | File | xxxxxxxx.xxx | predictive | Medium |
177 | File | xxxxxxxxxxxx-xxxx.xxxx | predictive | High |
178 | File | xxxxxxxx.xxxx | predictive | High |
179 | File | xxxxxxxx.xxx | predictive | Medium |
180 | File | xxxxxxxxx/xxxxxx.x | predictive | High |
181 | File | xxxxxx_xxxxxxx.xxx | predictive | High |
182 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
183 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xx/xxxxxxxxxx.xx/xxxxxxxxxxx.xx | predictive | High |
184 | File | xxxx_xxxxx.xxxx | predictive | High |
185 | File | xxxxxxxxxxx.x | predictive | High |
186 | File | xxx/xx_xxx.x | predictive | Medium |
187 | File | xxxxxxx/xxxxxxx.xxx | predictive | High |
188 | File | xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx | predictive | High |
189 | File | xxx_xxxx.xxx/xxx_xxxxxx.xxx | predictive | High |
190 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive | High |
191 | File | xxxxxx-xxxx/xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxxxxxxxx.xxxx | predictive | High |
192 | File | xxxxxx/ | predictive | Low |
193 | File | xxxxxxx?xxxxxx | predictive | High |
194 | File | xxxx-xxxxx.xxx | predictive | High |
195 | File | xxx.x | predictive | Low |
196 | File | xxxxxxxxx.xxx | predictive | High |
197 | File | xx.xxx | predictive | Low |
198 | File | xxxxxx.xxx | predictive | Medium |
199 | File | xxxx/xxxxxx_xxxxxxxx.xxx | predictive | High |
200 | File | xxxxxxx-xxxxx.xxx | predictive | High |
201 | File | xxxx/xxxxxx.xxxx | predictive | High |
202 | File | xxxx/xxxxxx.x | predictive | High |
203 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High |
204 | File | xxxx/xxxx.x | predictive | Medium |
205 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High |
206 | File | xxxxxxxxx/xxxx-xxxx-xxx.x | predictive | High |
207 | File | xxxxxxxxx.x | predictive | Medium |
208 | File | xxxxxx.xxx | predictive | Medium |
209 | File | xxxxx/xxx_xxxx_x.x | predictive | High |
210 | File | xxxxx/xxx_xxxxxx.x | predictive | High |
211 | File | xxxxx/xxx_xxxxxxx.x | predictive | High |
212 | File | xxxx.xxx | predictive | Medium |
213 | File | xxxxxxx.xxx | predictive | Medium |
214 | File | xxxxxxx.xxx | predictive | Medium |
215 | File | xxxxx/xxxxx.xx | predictive | High |
216 | File | xxx.xxx | predictive | Low |
217 | File | xxx_xxxxx.xxx?xxxx=xxxxxxxx | predictive | High |
218 | File | xxxx-xxxxxx.xxx | predictive | High |
219 | File | xxxx-x-xxxxxx.xxx | predictive | High |
220 | File | xxx-xxxxx.xxx | predictive | High |
221 | File | xxx/xxxxxx-xxxxxxx.xxx | predictive | High |
222 | File | xxxxxxx.xxx | predictive | Medium |
223 | File | xxxxx-xxxx/xxx/xxxx/xxxx/xxx/xxxxx/xxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxx.xxxx | predictive | High |
224 | File | xxxxxx.xxx/xxxxxx.xxx | predictive | High |
225 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxxxx-xxxxxxx | predictive | High |
226 | File | xx-xxxxx-xxxxxx.xxx | predictive | High |
227 | File | xx-xxxxx.xxx | predictive | Medium |
228 | File | xxxxxxxxxx.xxx | predictive | High |
229 | File | ~/xxx/xxxx-xxxxxxxxx.xxx | predictive | High |
230 | File | ~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxxxxxxx.xxx | predictive | High |
231 | File | ~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxx.xxx | predictive | High |
232 | Library | /xxx/xxx.x | predictive | Medium |
233 | Library | xxxxx.xx/xxxxx.xxx | predictive | High |
234 | Library | xxxxx_xxxxxxxx.xxx | predictive | High |
235 | Library | xxx.xxx | predictive | Low |
236 | Library | xxxx.xxx | predictive | Medium |
237 | Library | xxx/xxxxx.xxxxx.xxx | predictive | High |
238 | Library | xxx/xxxxxxx/xxxxxx/xxxxx.xxxxxxx.xxx | predictive | High |
239 | Library | xxxxxxxxx | predictive | Medium |
240 | Library | xxx/xxx/xxxxxx/xxxxxxxxxxxx.xxxxx.xxx | predictive | High |
241 | Argument | --xxxxxx/--xxxxxxxx | predictive | High |
242 | Argument | xxxxxxx | predictive | Low |
243 | Argument | xxxxxxxxxx xxx xxxxxxx | predictive | High |
244 | Argument | xxxxxxxx | predictive | Medium |
245 | Argument | xxxxxxxx_xxx_xxx/xxxxxxxx_xxxxxxxx_xxx | predictive | High |
246 | Argument | xxxxxxxx | predictive | Medium |
247 | Argument | xxxxx | predictive | Low |
248 | Argument | xxxxxxxx | predictive | Medium |
249 | Argument | xxxx | predictive | Low |
250 | Argument | xxx_xxx_xx_xxx_xxxxxxxxxx_x | predictive | High |
251 | Argument | xxxxx_xxxx | predictive | Medium |
252 | Argument | xxx | predictive | Low |
253 | Argument | xxxx | predictive | Low |
254 | Argument | xxx | predictive | Low |
255 | Argument | xxxxxxxx | predictive | Medium |
256 | Argument | xxxxxxxxxxxxxxx | predictive | High |
257 | Argument | xxxxxxxxx | predictive | Medium |
258 | Argument | xxxxx | predictive | Low |
259 | Argument | xxxxxxx | predictive | Low |
260 | Argument | xxxxxxx | predictive | Low |
261 | Argument | xxxxxxx_xxxx_xxxx | predictive | High |
262 | Argument | xxxxxxxx_xxxx | predictive | High |
263 | Argument | xxx | predictive | Low |
264 | Argument | xx | predictive | Low |
265 | Argument | xx_xxxx | predictive | Low |
266 | Argument | xxxx | predictive | Low |
267 | Argument | xxxxxxx | predictive | Low |
268 | Argument | xxxx_xxxxxx=xxxx | predictive | High |
269 | Argument | xxx_xxxx | predictive | Medium |
270 | Argument | xxxxxxx | predictive | Low |
271 | Argument | xxxxxxx | predictive | Low |
272 | Argument | xxxxx | predictive | Low |
273 | Argument | xxxxx | predictive | Low |
274 | Argument | xxxxx[] | predictive | Low |
275 | Argument | xxxxxxxxxxx | predictive | Medium |
276 | Argument | xxxxx_xxxxxxxxxx | predictive | High |
277 | Argument | xxxxxxxxx_xxxxxx | predictive | High |
278 | Argument | xxxxxxxxx | predictive | Medium |
279 | Argument | xxxxxxx | predictive | Low |
280 | Argument | xxxx | predictive | Low |
281 | Argument | xxxxxxxx | predictive | Medium |
282 | Argument | xxxxxxxx | predictive | Medium |
283 | Argument | xxxxxxxx | predictive | Medium |
284 | Argument | xxxx_xxxxxx | predictive | Medium |
285 | Argument | xxxxxxxxx/xxxxxxxx | predictive | High |
286 | Argument | xxxxxxxxx/xxxxxxxx | predictive | High |
287 | Argument | xx_xx | predictive | Low |
288 | Argument | xx | predictive | Low |
289 | Argument | xxxxx | predictive | Low |
290 | Argument | xxxx xxxx/xxxxx/xxxxxxxx/xxxxxxxx | predictive | High |
291 | Argument | xxxxxxx[xxxxxxx] | predictive | High |
292 | Argument | x_xxxxxxx | predictive | Medium |
293 | Argument | xxxx | predictive | Low |
294 | Argument | xxxx | predictive | Low |
295 | Argument | xxxx/xxxxxx/xxx | predictive | High |
296 | Argument | xxxx_xxxxxxx | predictive | Medium |
297 | Argument | xx | predictive | Low |
298 | Argument | xx_xxxx | predictive | Low |
299 | Argument | xxxxxxxxxx | predictive | Medium |
300 | Argument | xxxxxxxxx | predictive | Medium |
301 | Argument | xxxx | predictive | Low |
302 | Argument | xxx | predictive | Low |
303 | Argument | xxxx | predictive | Low |
304 | Argument | xxxxxxxxx/xxxxx_xxxx | predictive | High |
305 | Argument | xxxx | predictive | Low |
306 | Argument | xxxxx | predictive | Low |
307 | Argument | xxxx | predictive | Low |
308 | Argument | xxxxxxxxxx | predictive | Medium |
309 | Argument | xxxxxxx | predictive | Low |
310 | Argument | xxxx/xxxxxxxxx/xxxxxx/xxxxx | predictive | High |
311 | Argument | xxxxxxxx | predictive | Medium |
312 | Argument | xxx_xxxx | predictive | Medium |
313 | Argument | xxxx | predictive | Low |
314 | Argument | xxxx/xxxxxxxxxx | predictive | High |
315 | Argument | xxxx/xxxxxxxx_xxxxx | predictive | High |
316 | Argument | xxxxxxx/xxxx | predictive | Medium |
317 | Argument | xxx | predictive | Low |
318 | Argument | xxxxxxx | predictive | Low |
319 | Argument | xxxx_xx | predictive | Low |
320 | Argument | xxxx | predictive | Low |
321 | Argument | xxxxx | predictive | Low |
322 | Argument | xxxxxxxx | predictive | Medium |
323 | Argument | xxxxxxxx | predictive | Medium |
324 | Argument | xxxx | predictive | Low |
325 | Argument | xxxx_xxxxxx | predictive | Medium |
326 | Argument | xxxxxx_xxxxxx | predictive | High |
327 | Argument | xxx_xxx | predictive | Low |
328 | Argument | xxxxxxx | predictive | Low |
329 | Argument | xxxxxxxxxxx | predictive | Medium |
330 | Argument | xxxxxxx | predictive | Low |
331 | Argument | xxxxxxxx[xx] | predictive | Medium |
332 | Argument | xxxxxxxx_xx | predictive | Medium |
333 | Argument | xxxxxxxx | predictive | Medium |
334 | Argument | xxxxxx_xxx | predictive | Medium |
335 | Argument | xxxxxxxxxxx | predictive | Medium |
336 | Argument | xxxxxx_xxxx | predictive | Medium |
337 | Argument | xxxxxxxx | predictive | Medium |
338 | Argument | xxxxxx | predictive | Low |
339 | Argument | xxxxxxxxxxx | predictive | Medium |
340 | Argument | xxxxxxxxxx | predictive | Medium |
341 | Argument | xxxxxx_xxxxx | predictive | Medium |
342 | Argument | xxxx-xxxxx[xxxxxxxxx] | predictive | High |
343 | Argument | xxxxxx_xxxx_xxxx | predictive | High |
344 | Argument | xxxxxxxxxxx[xx] | predictive | High |
345 | Argument | xxxxx | predictive | Low |
346 | Argument | xxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx | predictive | High |
347 | Argument | xxxxxxx | predictive | Low |
348 | Argument | xxx | predictive | Low |
349 | Argument | x_xx | predictive | Low |
350 | Argument | xxx | predictive | Low |
351 | Argument | xxx_xxxx[x][] | predictive | High |
352 | Argument | xxxxxxxx | predictive | Medium |
353 | Argument | xxx | predictive | Low |
354 | Argument | xxxxxxxxx | predictive | Medium |
355 | Argument | xxxx_xx | predictive | Low |
356 | Argument | xxxx | predictive | Low |
357 | Argument | xxx | predictive | Low |
358 | Argument | xxx | predictive | Low |
359 | Argument | xxxxxxxx | predictive | Medium |
360 | Argument | xxxxxxxx/xxxx | predictive | High |
361 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
362 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
363 | Argument | xxxx_xxxxxxxxx/xxxx_xxxxxxxx | predictive | High |
364 | Argument | xxxxxxx xxxxxx | predictive | High |
365 | Argument | xx_xxxxx | predictive | Medium |
366 | Argument | xxxxxx_xxxxxx | predictive | High |
367 | Argument | x-xxxxxxxxx-xxx | predictive | High |
368 | Argument | x-xxxxxxxxx-xxxxxx | predictive | High |
369 | Argument | x_xxxxxxxx | predictive | Medium |
370 | Argument | _xxxxxx | predictive | Low |
371 | Argument | _xxx_xxxxxxxxxxx_ | predictive | High |
372 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High |
373 | Input Value | -x+xxxxx+xxxxxx+x,x,xxxxxxx() | predictive | High |
374 | Input Value | ../ | predictive | Low |
375 | Input Value | <!-- xxxx --> | predictive | High |
376 | Input Value | <xxxxxxxx>\x | predictive | Medium |
377 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High |
378 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive | High |
379 | Input Value | xxxxxxxxx$$ | predictive | Medium |
380 | Input Value | xxxxxxx_xxxxx.xxxxxxx_xxxxxxx | predictive | High |
381 | Pattern | () { | predictive | Low |
382 | Pattern | |xx|xx|xx| | predictive | Medium |
383 | Network Port | xxx/xx (xxxxxx) | predictive | High |
384 | Network Port | xxx/xxxx | predictive | Medium |
385 | Network Port | xxx/xxxx (xx-xxx) | predictive | High |
386 | Network Port | xxx/xxxx | predictive | Medium |
References (48)
The following list contains external sources which discuss the actor and the associated activities:
- https://1275.ru/ioc/161/redline-stealer-iocs/
- https://1275.ru/ioc/214/redline-stealer-iocs-part-2/
- https://1275.ru/ioc/264/gs-010-redline-stealer-iocs/
- https://1275.ru/ioc/306/gs-030-redline-stealer-iocs/
- https://asec.ahnlab.com/en/28835/
- https://asec.ahnlab.com/en/28954/
- https://asec.ahnlab.com/en/29216/
- https://asec.ahnlab.com/en/29389/
- https://asec.ahnlab.com/en/29783/
- https://asec.ahnlab.com/en/29885/
- https://asec.ahnlab.com/en/30107/
- https://asec.ahnlab.com/en/30513/
- https://asec.ahnlab.com/en/30687/
- https://asec.ahnlab.com/en/30795/
- https://asec.ahnlab.com/en/31429/
- https://asec.ahnlab.com/en/31535/
- https://asec.ahnlab.com/en/32085/
- https://asec.ahnlab.com/en/32293/
- https://asec.ahnlab.com/en/32522/
- https://asec.ahnlab.com/en/32677/
- https://asec.ahnlab.com/en/33114/
- https://asec.ahnlab.com/en/33217/
- https://asec.ahnlab.com/en/33569/
- https://asec.ahnlab.com/en/33679/
- https://asec.ahnlab.com/en/33763/
- https://asec.ahnlab.com/en/34624/
- https://asec.ahnlab.com/en/34785/
- https://asec.ahnlab.com/en/35190/
- https://asec.ahnlab.com/en/35424/
- https://asec.ahnlab.com/en/36586/
- https://asec.ahnlab.com/en/37166/
- https://asec.ahnlab.com/en/37457/
- https://asec.ahnlab.com/en/37593/
- https://asec.ahnlab.com/en/37837/
- https://blog.morphisec.com/google-ppc-ads-deliver-redline-taurus-and-mini-redline-infostealers
- https://blog.talosintelligence.com/2021/01/threat-roundup-0108-0115.html
- https://blog.talosintelligence.com/2021/02/threat-roundup-0212-0219.html
- https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
- https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
- https://blog.talosintelligence.com/2021/06/threat-roundup-0617-0624.html
- https://blog.talosintelligence.com/2021/07/threat-roundup-0625-0702.html
- https://blogs.blackberry.com/en/2021/07/threat-thursday-redline-infostealer
- https://blogs.blackberry.com/en/2021/10/threat-thursday-redline-infostealer-update
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-21%20Redline%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-09%20Redline%20IOCs
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/RedLine
- https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/
- https://www.malwarebytes.com/blog/news/2022/09/2k-games-helpdesk-abused-to-spread-redline-malware