Examining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary] - SANS Internet Storm Center
Tags
Common Information
Type | Value |
---|---|
UUID | 8d1e74b2-df8d-40ef-8433-f2fee1924155 |
Fingerprint | 4b4991d233b83a9 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Jan. 9, 2025, midnight |
Added to db | Jan. 9, 2025, 3:24 a.m. |
Last updated | Jan. 22, 2025, 7:49 p.m. |
Headline | Internet Storm Center |
Title | Examining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary] - SANS Internet Storm Center |
Detected Hints/Tags/Attributes | 63/2/48 |
Source URLs
Redirection | Url |
---|---|
Source | https://isc.sans.edu/diary/rss/31568 |
URL Provider
RSS Feed
Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|
142 | ✔ | SANS Internet Storm Center, InfoCON: green | https://isc.sans.edu/rssfeed_full.xml | 2024-08-30 22:08 |
Attributes
Type | #Events | Value |
---|---|---|
CVE | 55 | cve-2024-3400 |
Domain | 97 | sans.edu |
Domain | 23 | clean.sh |
Domain | 49 | setup.sh |
Domain | 2 | threatstop.com |
Domain | 2 | www.threatstop.com |
Domain | 296 | www.virustotal.com |
Domain | 709 | en.wikipedia.org |
Domain | 46 | www.akamai.com |
Domain | 6 | xmrig.com |
Domain | 1 | canvas.sans.edu |
Domain | 6 | cyberchef.org |
Domain | 23 | www.sans.edu |
File | 1 | 5.docx |
sha256 | 2 | 7cd48d762a343b483d0ce857e5d2e30fc795d11a20f1827679b9a05d5ab75c3f |
sha256 | 2 | cebd34c54c9ac02902ef8554939cf6a34aa8f320ea051e0f3d67d91685a1abf0 |
sha256 | 2 | f1f34b7b798f8ec472b69eb5bd196381d749ced4d4a461d563896dfa827c84b6 |
sha256 | 2 | 16782165ceb9ac6ac5e8d6db387de9c18b9c214031ef36c0b092f9314342414a |
sha256 | 2 | d4635f0f5ab84af5e5194453dbf60eaebf6ec47d3675cb5044e5746fb48bd4b4 |
sha256 | 2 | 992cb5a753697ee2642aa390f09326fcdb7fd59119053d6b1bdd35d47e62f472 |
sha256 | 2 | 69dc9dd8065692ea262850b617c621e6c1361e9095a90b653b26e3901597f586 |
sha256 | 2 | 29f8524562c2436f42019e0fc473bd88584234c57979c7375c1ace3648784e4b |
sha256 | 1 | d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e |
sha256 | 1 | 3b15778595cef00d1a51035dd4fd65e6be97e73544cb1899f40aec4aaa0445ae |
IPv4 | 1 | 5.182.211.148 |
IPv4 | 1 | 94.103.125.37 |
IPv4 | 2 | 87.120.113.231 |
Url | 2 | https://www.threatstop.com/check-ioc |
Url | 1 | https://www.virustotal.com/gui/ip-address/5.182.211.148/detection |
Url | 1 | https://www.virustotal.com/gui/ip-address/94.103.125.37/detection |
Url | 1 | https://www.virustotal.com/gui/ip-address/87.120.113.231/detection |
Url | 1 | https://www.virustotal.com/gui/file/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e |
Url | 1 | https://www.virustotal.com/gui/file/7cd48d762a343b483d0ce857e5d2e30fc795d11a20f1827679b9a05d5ab75c3f |
Url | 1 | https://www.virustotal.com/gui/file/cebd34c54c9ac02902ef8554939cf6a34aa8f320ea051e0f3d67d91685a1abf0 |
Url | 1 | https://www.virustotal.com/gui/file/f1f34b7b798f8ec472b69eb5bd196381d749ced4d4a461d563896dfa827c84b6 |
Url | 1 | https://www.virustotal.com/gui/file/16782165ceb9ac6ac5e8d6db387de9c18b9c214031ef36c0b092f9314342414a |
Url | 1 | https://www.virustotal.com/gui/file/3b15778595cef00d1a51035dd4fd65e6be97e73544cb1899f40aec4aaa0445ae |
Url | 1 | https://www.virustotal.com/gui/file/d4635f0f5ab84af5e5194453dbf60eaebf6ec47d3675cb5044e5746fb48bd4b4 |
Url | 1 | https://www.virustotal.com/gui/file/992cb5a753697ee2642aa390f09326fcdb7fd59119053d6b1bdd35d47e62f472 |
Url | 1 | https://www.virustotal.com/gui/file/69dc9dd8065692ea262850b617c621e6c1361e9095a90b653b26e3901597f586 |
Url | 1 | https://www.virustotal.com/gui/file/29f8524562c2436f42019e0fc473bd88584234c57979c7375c1ace3648784e4b |
Url | 1 | https://en.wikipedia.org/wiki/tcp_wrappers |
Url | 1 | https://en.wikipedia.org/wiki/fail2ban |
Url | 1 | https://www.akamai.com/blog/security-research/2024-redtail-cryptominer-pan-os-cve-exploit |
Url | 1 | https://xmrig.com/docs/miner |
Url | 1 | https://canvas.sans.edu/courses/409/assignments/4080?module_item_id=5346 |
Url | 1 | https://cyberchef.org/#recipe=from_hex |
Url | 17 | https://www.sans.edu/cyber-security-programs/bachelors-degree |
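The Attributes table is raw extractor output: most Domain and Url rows are the diary's own citations (VirusTotal, Wikipedia, SANS, Akamai), and two entries tagged Domain (clean.sh, setup.sh) read like script names rather than hosts. Before such a record is fed into a blocklist or a log sweep, each row needs validating and sorting by how it will actually be used. The following Python is an added example, not code from the ISC diary or from this aggregator: it takes a subset of the rows above, validates each value by type, files hosts under the cited sources as references (an assumption about which hosts are citations rather than infrastructure), treats a bare name ending in .sh as a script name (a heuristic, since .sh is also a TLD), and then sweeps a few constructed log lines for the remaining IPv4 and sha256 indicators.

```python
"""Triage the aggregator's IOC rows and sweep sample logs with them.

Added example, not code from the diary or the aggregator page. IOC rows are
a subset of the Attributes table; log lines, file paths and the
reference-host and ".sh is a script" rules are constructed assumptions.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Subset of the Attributes table above, as (type, value) pairs.
ATTRIBUTE_ROWS = [
    ("CVE", "cve-2024-3400"),
    ("Domain", "sans.edu"),
    ("Domain", "clean.sh"),
    ("Domain", "setup.sh"),
    ("Domain", "xmrig.com"),
    ("sha256", "7cd48d762a343b483d0ce857e5d2e30fc795d11a20f1827679b9a05d5ab75c3f"),
    ("sha256", "d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e"),
    ("sha256", "3b15778595cef00d1a51035dd4fd65e6be97e73544cb1899f40aec4aaa0445ae"),
    ("IPv4", "5.182.211.148"),
    ("IPv4", "94.103.125.37"),
    ("IPv4", "87.120.113.231"),
    ("Url", "https://www.virustotal.com/gui/ip-address/5.182.211.148/detection"),
    ("Url", "https://www.akamai.com/blog/security-research/2024-redtail-cryptominer-pan-os-cve-exploit"),
]

# Assumption: hosts the diary cites as sources or tooling, not infrastructure
# to block. Anything on or under them is filed as "reference", not as an IOC.
REFERENCE_HOSTS = {"sans.edu", "wikipedia.org", "virustotal.com", "akamai.com",
                   "xmrig.com", "cyberchef.org", "threatstop.com"}

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
CVE_RE = re.compile(r"^cve-\d{4}-\d{4,}$", re.IGNORECASE)
# Assumption (heuristic): a two-label name ending in .sh is a shell script the
# extractor mis-typed as a domain. .sh is also a real TLD, so this is a guess.
SCRIPT_NAME_RE = re.compile(r"^[\w.-]+\.sh$")


def _is_reference(host):
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in REFERENCE_HOSTS)


def triage(rows):
    """Validate each row and bucket it by how a responder would use it."""
    out = {"cve": set(), "sha256": set(), "ipv4": set(), "domain": set(),
           "url": set(), "script_name": set(), "reference": set(), "rejected": []}
    for kind, raw in rows:
        value = raw.strip()
        if kind == "sha256":
            v = value.lower()
            if SHA256_RE.match(v):
                out["sha256"].add(v)
            else:
                out["rejected"].append((kind, value, "not 64 hex chars"))
        elif kind == "IPv4":
            try:
                ip = ipaddress.IPv4Address(value)
            except ValueError:
                out["rejected"].append((kind, value, "not an IPv4 address"))
                continue
            if ip.is_global:          # drop RFC1918, loopback, TEST-NET etc.
                out["ipv4"].add(str(ip))
            else:
                out["rejected"].append((kind, value, "not globally routable"))
        elif kind == "CVE":
            if CVE_RE.match(value):
                out["cve"].add(value.upper())
            else:
                out["rejected"].append((kind, value, "malformed CVE id"))
        elif kind == "Domain":
            if _is_reference(value):
                out["reference"].add(value.lower())
            elif SCRIPT_NAME_RE.match(value) and value.count(".") == 1:
                out["script_name"].add(value)
            else:
                out["domain"].add(value.lower())
        elif kind == "Url":
            host = urlsplit(value).hostname or ""
            (out["reference"] if _is_reference(host) else out["url"]).add(value)
        else:
            out["rejected"].append((kind, value, "unknown type"))
    return out


IPV4_TOKEN = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_TOKEN = re.compile(r"\b[0-9a-fA-F]{64}\b")


def sweep(lines, iocs):
    """Return (line_no, ioc_type, value) for every IOC token found in lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in IPV4_TOKEN.findall(line):
            if tok in iocs["ipv4"]:
                hits.append((n, "ipv4", tok))
        for tok in SHA256_TOKEN.findall(line):
            if tok.lower() in iocs["sha256"]:
                hits.append((n, "sha256", tok.lower()))
    return hits


# Constructed sample input: two sshd lines and three lines of sha256sum output.
SAMPLE_LINES = [
    "Jan  9 02:11:04 hp sshd[1133]: Accepted password for root from 87.120.113.231 port 51022 ssh2",
    "Jan  9 02:12:30 hp sshd[1150]: Failed password for admin from 203.0.113.7 port 40012 ssh2",
    "7cd48d762a343b483d0ce857e5d2e30fc795d11a20f1827679b9a05d5ab75c3f  /tmp/sample-a",
    "3B15778595CEF00D1A51035DD4FD65E6BE97E73544CB1899F40AEC4AAA0445AE  /tmp/sample-b",
    "0000000000000000000000000000000000000000000000000000000000000000  /tmp/sample-c",
]

if __name__ == "__main__":
    iocs = triage(ATTRIBUTE_ROWS)
    for bucket in ("cve", "ipv4", "sha256", "script_name", "reference", "rejected"):
        print(f"{bucket:12s} {sorted(iocs[bucket], key=str)}")
    for hit in sweep(SAMPLE_LINES, iocs):
        print("HIT", hit)
```

Run as a script it prints the buckets and three hits: the sshd login from 87.120.113.231 and the two sha256sum lines whose digests are on the page (the upper-case digest matches because both sides are lower-cased). The 203.0.113.7 line does not match, and a row such as `("IPv4", "10.0.0.1")` lands in `rejected` because `is_global` is false, which keeps an internal address from ever being pushed to a perimeter blocklist by mistake.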