{"id":5649,"date":"2023-11-10T20:58:37","date_gmt":"2023-11-10T19:58:37","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=5649"},"modified":"2023-11-10T20:58:37","modified_gmt":"2023-11-10T19:58:37","slug":"redline-isporucuje-jos-vise-zlonamjernog-softvera","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/11\/10\/redline-isporucuje-jos-vise-zlonamjernog-softvera\/","title":{"rendered":"RedLine delivers even more malware"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><a href=\"https:\/\/any.run\/malware-trends\/redline\/?utm_source=cybersecuritynews&amp;utm_medium=article&amp;utm_campaign=\u0441rowdsourced&amp;utm_content=main&amp;utm_term=081123\" target=\"_blank\" rel=\"noopener\"><em>RedLine<\/em> <em>Stealer<\/em>, or <em>RedLine<\/em>, is malware<\/a> that can collect users' confidential information and deliver other malware. The stealer's availability and flexibility cause financial losses and data leaks, targeting both business and personal devices. The healthcare and manufacturing sectors suffer most from these attacks.<\/span><\/p>\n<div id=\"attachment_5652\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img aria-describedby=\"caption-attachment-5652\" class=\"size-full wp-image-5652\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/RedLine-Malware.jpg\" alt=\"RedLine\" width=\"1024\" height=\"1024\" \/><p id=\"caption-attachment-5652\" class=\"wp-caption-text\"><em>RedLine delivers even more malware; Source: Bing Image Creator<\/em><\/p><\/div>\n
<h2><span class=\"ez-toc-section\" id=\"REDLINE\"><\/span><span style=\"font-size: 14pt;\"><strong>REDLINE<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">This <a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/malware\/\" target=\"_blank\" rel=\"nofollow noopener\">malware<\/a> appeared in March 2020, according to research by <em>Proofpoint<\/em>. Since then, <em>RedLine<\/em> has only gained in popularity. <a href=\"https:\/\/sajberinfo.com\/en\/2021\/12\/31\/zlonamjerni-softver-redline-krade-sacuvane-lozinke\/\" target=\"_blank\" rel=\"nofollow noopener\">It was on the rise during the<\/a> <em>COVID-19<\/em> pandemic <a href=\"https:\/\/sajberinfo.com\/en\/2023\/06\/12\/redline-kradljivac-podataka\/\" target=\"_blank\" rel=\"nofollow noopener\">and is still active<\/a>. On 1 July 2021, the malware was found on a legitimate-looking website offering privacy tools. However, based on analysis of the <a href=\"https:\/\/sajberinfo.com\/en\/2023\/04\/11\/payload\/\" target=\"_blank\" rel=\"nofollow noopener\">payload<\/a>, only malware could be found there.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>RedLine<\/em> is a stealer that harvests user information from browsers, instant messaging systems and FTP clients. The main targets are <a href=\"https:\/\/sajberinfo.com\/en\/2019\/02\/24\/lozinka-password-sifra\/\" target=\"_blank\" rel=\"nofollow noopener\">passwords<\/a>, credit card information, username, location, autofill data, cookies, the installed software set and even hardware configuration such as keyboard layout, <em>UAC<\/em> settings, etc.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The malware behaves like a typical stealer such as <em>Raccoon<\/em> or <em>Pony<\/em>: it uploads and downloads files, executes commands and reports information about the infected machine. Moreover, threat actors use <em>RedLine<\/em> to deliver <em>ransomware<\/em>, <em>RAT<\/em> tools, <a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/trojan\/\" target=\"_blank\" rel=\"nofollow noopener\">trojans<\/a> and crypto miners.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">This stealer is quite popular, as it is easy to find on underground forums, where <em>C&amp;C<\/em> panels offer various options such as malware versions and as-a-service or subscription options. The price ranges from 100 to 200 dollars.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>RedLine<\/em> cannot be called advanced malware like <em>ransomware<\/em>, but it has the common characteristics typical of this family. However, it is <em>.NET<\/em> malware written in <em>C#<\/em>, and the code quality is high enough to reveal an experienced developer or developers behind it. <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">Threat actors<\/a> also work hard on updating the malware, with features such as downloading secondary payloads and advanced filtering functions.<\/span><\/p>\n
<h3><span class=\"ez-toc-section\" id=\"Izvrsavanje\"><\/span><span style=\"font-size: 14pt;\"><strong>Execution<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">Based on the analysis, the main binary launches itself and the parent process is terminated. It can also be dropped from another binary, or be the main binary itself. When the child process is created, the main malicious activity begins: <em>RedLine<\/em> collects information from the infected system, such as passwords and other data, and sends it to the command and control panel. Once all the information is collected and sent, the stealer simply terminates execution. The stolen information is sent in unencrypted and <em>base64<\/em>-encoded formats.<\/span><\/p>\n
<h3><span class=\"ez-toc-section\" id=\"Distribucija\"><\/span><span style=\"font-size: 14pt;\"><strong>Distribution<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">Threat actors are not very creative when it comes to the malware delivery method. However, the method works perfectly: social engineering for various email campaigns, including business email compromise, spam, fake updates and Google ads that lead to malicious attachments or links. A wide variety of file formats can be observed here:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>Office<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>PDF<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>RAR<\/em> and <em>ZIP<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Executable files<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>JavaScript<\/em><\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: 14pt;\">When the user opens the attachment, <em>RedLine<\/em> downloads other malware.<\/span><\/p>\n
<h2><span class=\"ez-toc-section\" id=\"ZAKLJUCAK\"><\/span><span style=\"font-size: 14pt;\"><strong>CONCLUSION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The best way for users to protect their organization or device from <em>RedLine<\/em> malware is caution with suspicious files and links arriving by email. Users should be aware that even trusted sources can lead to infection, password theft or theft of other data. Checking a file in an isolated environment (<em>sandbox<\/em>) will not take long, but it can be enough to detect <em>RedLine<\/em> malware within a few minutes.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>RedLine Stealer, or RedLine, is malware that can collect users' confidential information and deliver other malware. The stealer's availability and flexibility cause financial losses and data leaks, targeting both business and...<\/p>","protected":false},"author":1,"featured_media":5652,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[412,317],"class_list":["post-5649","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-redline","tag-stealer"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5649","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=5649"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5649\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/5652"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=5649"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=5649"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=5649"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}