Digital artists targeted in RedLine infostealer campaign
ID: d19239d5-af44-571b-9d3d-782b4c9a52ca
STIX ID: report--d19239d5-af44-571b-9d3d-782b4c9a52ca
Feed Name: Blaze's Security Blog
**Summary:** The report details a June 2021 social-engineering campaign targeting NFT/digital artists with the **RedLine** infostealer, distributed via a fake "SkylumLuminar (NFT Beta).rar" from "skylumpro.com" and other lures (e.g., "Rizin_Fight_Federation_Presentation.scr"), using oversized archives to evade scanning; execution of "SkylumLuminarNFTBetaVersion.exe" deploys RedLine, which exfiltrates browser credentials, system info, and crypto-wallet data (e.g., Metamask, Coinbase) and communicates via SOAP/HTTP to C2 at 185.215.113.60:59472, with related domains xtfoarinat.xyz and sinaryaror.xyz resolving to 92.38.163.189; while this variant shows no persistence, the post provides process/file indicators (e.g., Flamingly.exe, FieldTemplateFactory.exe), network IoCs, and practical detection, response, and prevention steps for at-risk artists and wallet users.
