IOC Radar
TLP:WHITE · 5 IOCs

RedLine Stealer returns with New TTPS – Detection & Response

Source: Security Investigation
Published February 17, 2023 · Original Report

Threat Actors

Turla

Malware Families

META Stealer, RedLine

Diamond Model

Adversary (1): Turla
Infrastructure (4): 176.113.115.17, http://193.233.20.2/B…, http://193.233.20.2/B… (as shown in the Diamond Model view; the full indicators are listed in the Indicators of Compromise table below)
Capability (2): META Stealer, RedLine
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise (5)

Type   | Indicator                                                         | Tags                          | Confidence | Score | First Seen
-------|-------------------------------------------------------------------|-------------------------------|------------|-------|-----------
IP     | 176.113.115.17                                                    | c2, intel-blog, malware       | High       | 64    | Jun 2, 26
URL    | http://193.233.20.2/BN89HKU/PLUGINS/CLIP64.DLL                    | intel-blog, malware, network  | High       | 58    | Jun 2, 26
SHA256 | 3854f7f1fcb2dd48a235e69be3a7618bec6faf676c8af4fc3ad1d253dc653591 | exploit, file-hash, intel-blog | Medium    | 53    | Jun 2, 26
URL    | http://193.233.20.2/BN89HKU/INDEX.PHP                             | intel-blog, malware, network  | High       | 58    | Jun 2, 26
IP     | 193.233.20.13                                                     | c2, intel-blog, malware       | High       | 58    | Jun 2, 26

IOC Relationship Graph

[Graph: 5 total IOCs (2 IP, 2 URL, 1 SHA256), 1 actor (Turla), 2 malware families (META Stealer, RedLine), all linked to the report "RedLine Stealer returns with New TTPS – Detection & Response"]