Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit

May 31, 2024, 2:03 p.m.

Description

Threat actors behind the RedTail cryptomining malware, initially reported in early 2024, have incorporated the recent Palo Alto PAN-OS CVE-2024-3400 vulnerability into their toolkit. The malware spreads by using at least six different web exploits, targeting Internet of Things (IoT) devices (such as TP-Link routers), web applications (including the China-origin content management system ThinkPHP), SSL-VPNs, and security devices like Ivanti Connect Secure and Palo Alto GlobalProtect.

Date

Published: May 31, 2024, 1:41 p.m.

Created: May 31, 2024, 1:41 p.m.

Modified: May 31, 2024, 2:03 p.m.

Indicators

94.74.75.19

78.153.140.51

94.156.79.129

68.170.165.36

34.127.194.11

185.216.70.138

94.156.79.60

193.222.96.163

79.110.62.25

proxies.identitynetwork.top

Attack Patterns

RedTail

Trojan:Win64/XMRigMiner

T1210

T1190

T1068

CVE-2024-21887

CVE-2023-46805

CVE-2024-3400