RedLine Stealer gained prominence for its affordability. But since the exposure of its underlying infrastructure, the malware’s operators may have changed some of their tools and tactics.
The TIP research team recently amassed 53 domains identified as RedLine Stealer indicators of compromise (IoCs), which were then subjected to an expansion analysis that led to the discovery of:
- Five public email addresses from the IoCs’ WHOIS records
- 91 email-connected domains
- Five IP addresses to which the domains identified as IoCs resolved, one of which turned out to be a private host
- One IP-connected domain
Download a sample of the threat research materials now or contact us to access the complete set of research materials.