{
	"id": "971cc0c9-9b0e-48e0-a096-e6efb292a037",
	"created_at": "2026-04-06T00:08:54.542407Z",
	"updated_at": "2026-04-10T03:22:09.846813Z",
	"deleted_at": null,
	"sha1_hash": "54f2aa52de7612400a722db0e4b579b5457c20c2",
	"title": "RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2158586,
	"plain_text": "RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign\r\nBy Mihai NEAGU\r\nArchived: 2026-04-05 22:51:04 UTC\r\nApril 27, 2022\r\nAt the start of the year, Bitdefender noticed a RIG Exploit Kit campaign using CVE-2021-26411 exploits found in Internet Explorer to deliver RedLine Stealer, a low-cost password stealer sold on underground forums.\r\nWhen executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN logins) to a remote command and control server.\r\nDownload the RedLine Stealer whitepaper\r\nKey Findings\r\nBitdefender discovered a new RIG Exploit Kit campaign targeting an Internet Explorer vulnerability designed to distribute RedLine Stealer malware.\r\nIf executed, the stealer exfiltrates passwords, cookies and credit card data saved in browsers, as well as crypto wallets, chat logs, VPN login credentials and text from files as per the instructions received from the C2 infrastructure.\r\nCountry distribution and daily activity\r\nMitigation\r\nEnsure anti-virus and EDR solutions have exploit detection capabilities.\r\nLook for the indicators of compromise (IOCs) and keep operating systems and third-party applications up to date, and prioritize security fixes.\r\nSource: https://www.bitdefender.com/blog/labs/redline-stealer-resurfaces-in-fresh-rig-exploit-kit-campaign/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bitdefender.com/blog/labs/redline-stealer-resurfaces-in-fresh-rig-exploit-kit-campaign/"
	],
	"report_names": [
		"redline-stealer-resurfaces-in-fresh-rig-exploit-kit-campaign"
	],
	"threat_actors": [],
	"ts_created_at": 1775434134,
	"ts_updated_at": 1775791329,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/54f2aa52de7612400a722db0e4b579b5457c20c2.pdf",
		"text": "https://archive.orkl.eu/54f2aa52de7612400a722db0e4b579b5457c20c2.txt",
		"img": "https://archive.orkl.eu/54f2aa52de7612400a722db0e4b579b5457c20c2.jpg"
	}
}