
RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit

May 31, 2024, 2:03 p.m.

Description

Threat actors behind the RedTail cryptomining malware, first reported in early 2024, have added the recent Palo Alto Networks PAN-OS vulnerability CVE-2024-3400 to their toolkit. The malware spreads through at least six different web exploits, targeting Internet of Things (IoT) devices (such as TP-Link routers), web applications (including ThinkPHP, a PHP web framework developed in China), and SSL-VPN and security appliances such as Ivanti Connect Secure (CVE-2023-46805 and CVE-2024-21887, listed under Attack Patterns) and Palo Alto GlobalProtect (CVE-2024-3400). The IP addresses and domain listed below are the indicators associated with this activity; they are the hosts a defender should hunt for as request sources in web and VPN access logs and as destinations in firewall and DNS logs.

Date

Published: May 31, 2024, 1:41 p.m.

Created: May 31, 2024, 1:41 p.m.

Modified: May 31, 2024, 2:03 p.m.

Indicators

94.74.75.19

78.153.140.51

94.156.79.129

68.170.165.36

34.127.194.11

185.216.70.138

94.156.79.60

193.222.96.163

79.110.62.25

proxies.identitynetwork.top
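As an added example (not code from this page or from the RedTail operators), the script below turns the indicator list above into a scanner for log lines: it splits the IOCs into IP addresses and domains, then checks each line for an exact IP token (so 194.74.75.19 does not match 94.74.75.19) and for a domain or any subdomain of it. The Apache, BIND and firewall log lines are constructed sample input, not captured traffic, and the field layouts are assumptions.

```python
import ipaddress
import re

# Indicators exactly as listed on this page.
INDICATORS = [
    "94.74.75.19", "78.153.140.51", "94.156.79.129", "68.170.165.36",
    "34.127.194.11", "185.216.70.138", "94.156.79.60", "193.222.96.163",
    "79.110.62.25", "proxies.identitynetwork.top",
]

# IPv4 token that is not glued to other digits or dots on either side,
# so a substring of a longer address or an octet prefix does not match.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# Dotted hostname ending in an alphabetic TLD (excludes bare IPv4 and numbers).
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def classify(indicators):
    """Split indicators into (set of IPs, set of lowercase domains)."""
    ips, domains = set(), set()
    for ioc in indicators:
        try:
            ips.add(str(ipaddress.ip_address(ioc)))
        except ValueError:
            domains.add(ioc.lower().rstrip("."))
    return ips, domains


def scan_line(line, ips, domains):
    """Return a de-duplicated list of (indicator, kind) seen in one line."""
    hits = []
    for token in IPV4_RE.findall(line):
        if token in ips and (token, "ip") not in hits:
            hits.append((token, "ip"))
    for host in HOST_RE.findall(line):
        h = host.lower()
        if h in domains or any(h.endswith("." + d) for d in domains):
            if (h, "domain") not in hits:
                hits.append((h, "domain"))
    return hits


def scan_logs(lines, indicators=INDICATORS):
    """Return [(line_number, indicator, kind), ...] for every IOC hit."""
    ips, domains = classify(indicators)
    findings = []
    for n, line in enumerate(lines, 1):
        for ioc, kind in scan_line(line, ips, domains):
            findings.append((n, ioc, kind))
    return findings


# Constructed sample lines (assumed formats): Apache combined, BIND query
# log, and a generic firewall allow line. Line 4 is a deliberate near-miss.
SAMPLE_LOG = [
    '94.156.79.60 - - [31/May/2024:13:41:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "curl/7.88.1"',
    '10.0.0.5 - - [31/May/2024:13:41:30 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    "May 31 13:42:10 resolver named[1234]: client 10.0.0.7#53211: query: proxies.identitynetwork.top IN A + (10.0.0.2)",
    '194.74.75.19 - - [31/May/2024:13:44:00 +0000] "GET / HTTP/1.1" 200 17 "-" "Mozilla/5.0"',
    "2024-05-31T13:45:00Z fw1 allow src=10.0.0.9 dst=185.216.70.138 dport=443",
]

if __name__ == "__main__":
    for n, ioc, kind in scan_logs(SAMPLE_LOG):
        print(f"line {n}: {kind} indicator {ioc}")
```

Run it against real logs by replacing SAMPLE_LOG with the lines of a file; the source-side hits (lines 1 and 4 style) are what you expect from exploitation attempts against exposed GlobalProtect, Ivanti or ThinkPHP endpoints, while destination-side hits (firewall or DNS) indicate a host that is already running the miner and talking to its infrastructure.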

Attack Patterns

RedTail (cryptomining malware family)

Trojan:Win64/XMRigMiner (Microsoft Defender detection name)

T1210 - Exploitation of Remote Services

T1190 - Exploit Public-Facing Application

T1068 - Exploitation for Privilege Escalation

CVE-2024-21887 - Ivanti Connect Secure / Policy Secure command injection

CVE-2023-46805 - Ivanti Connect Secure / Policy Secure authentication bypass

CVE-2024-3400 - Palo Alto Networks PAN-OS GlobalProtect command injection