Description
Threat actors behind the RedTail cryptomining malware, initially reported in early 2024, have incorporated the recent Palo Alto PAN-OS CVE-2024-3400 vulnerability into their toolkit. The malware spreads by using at least six different web exploits, targeting Internet of Things (IoT) devices (such as TP-Link routers), web applications (including the China-origin content management system ThinkPHP), SSL-VPNs, and security devices like Ivanti Connect Secure and Palo Alto GlobalProtect.
Date
| Published | Created | Modified |
|---|---|---|
| May 31, 2024, 1:41 p.m. | May 31, 2024, 1:41 p.m. | May 31, 2024, 2:03 p.m. |
Attack Patterns
RedTail
Trojan:Win64/XMRigMiner
T1210
T1190
T1068
CVE-2024-21887
CVE-2023-46805
CVE-2024-3400