Examining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary] - SANS Internet Storm Center
Common Information
Type | Value
UUID | 8d1e74b2-df8d-40ef-8433-f2fee1924155
Fingerprint | 4b4991d233b83a9
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Jan. 9, 2025, midnight
Added to db | Jan. 9, 2025, 3:24 a.m.
Last updated | Jan. 22, 2025, 7:49 p.m.
Headline | Internet Storm Center
Title | Examining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary] - SANS Internet Storm Center
Detected Hints/Tags/Attributes | 63/2/48
Source URLs
RSS Feed
Id | Enabled | Feed title | Url | Added to db
142 | | SANS Internet Storm Center, InfoCON: green | https://isc.sans.edu/rssfeed_full.xml | 2024-08-30 22:08
Attributes
Type | #Events | Value | CTI Value
CVE | 55 | cve-2024-3400 |
Domain | 97 | sans.edu |
Domain | 23 | clean.sh |
Domain | 49 | setup.sh |
Domain | 2 | threatstop.com |
Domain | 2 | www.threatstop.com |
Domain | 296 | www.virustotal.com |
Domain | 709 | en.wikipedia.org |
Domain | 46 | www.akamai.com |
Domain | 6 | xmrig.com |
Domain | 1 | canvas.sans.edu |
Domain | 6 | cyberchef.org |
Domain | 23 | www.sans.edu |
File | 1 | 5.docx |
sha256 | 2 | 7cd48d762a343b483d0ce857e5d2e30fc795d11a20f1827679b9a05d5ab75c3f |
sha256 | 2 | cebd34c54c9ac02902ef8554939cf6a34aa8f320ea051e0f3d67d91685a1abf0 |
sha256 | 2 | f1f34b7b798f8ec472b69eb5bd196381d749ced4d4a461d563896dfa827c84b6 |
sha256 | 2 | 16782165ceb9ac6ac5e8d6db387de9c18b9c214031ef36c0b092f9314342414a |
sha256 | 2 | d4635f0f5ab84af5e5194453dbf60eaebf6ec47d3675cb5044e5746fb48bd4b4 |
sha256 | 2 | 992cb5a753697ee2642aa390f09326fcdb7fd59119053d6b1bdd35d47e62f472 |
sha256 | 2 | 69dc9dd8065692ea262850b617c621e6c1361e9095a90b653b26e3901597f586 |
sha256 | 2 | 29f8524562c2436f42019e0fc473bd88584234c57979c7375c1ace3648784e4b |
sha256 | 1 | d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e |
sha256 | 1 | 3b15778595cef00d1a51035dd4fd65e6be97e73544cb1899f40aec4aaa0445ae |
IPv4 | 1 | 5.182.211.148 |
IPv4 | 1 | 94.103.125.37 |
IPv4 | 2 | 87.120.113.231 |
Url | 2 | https://www.threatstop.com/check-ioc |
Url | 1 | https://www.virustotal.com/gui/ip-address/5.182.211.148/detection |
Url | 1 | https://www.virustotal.com/gui/ip-address/94.103.125.37/detection |
Url | 1 | https://www.virustotal.com/gui/ip-address/87.120.113.231/detection |
Url | 1 | https://www.virustotal.com/gui/file/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e |
Url | 1 | https://www.virustotal.com/gui/file/7cd48d762a343b483d0ce857e5d2e30fc795d11a20f1827679b9a05d5ab75c3f |
Url | 1 | https://www.virustotal.com/gui/file/cebd34c54c9ac02902ef8554939cf6a34aa8f320ea051e0f3d67d91685a1abf0 |
Url | 1 | https://www.virustotal.com/gui/file/f1f34b7b798f8ec472b69eb5bd196381d749ced4d4a461d563896dfa827c84b6 |
Url | 1 | https://www.virustotal.com/gui/file/16782165ceb9ac6ac5e8d6db387de9c18b9c214031ef36c0b092f9314342414a |
Url | 1 | https://www.virustotal.com/gui/file/3b15778595cef00d1a51035dd4fd65e6be97e73544cb1899f40aec4aaa0445ae |
Url | 1 | https://www.virustotal.com/gui/file/d4635f0f5ab84af5e5194453dbf60eaebf6ec47d3675cb5044e5746fb48bd4b4 |
Url | 1 | https://www.virustotal.com/gui/file/992cb5a753697ee2642aa390f09326fcdb7fd59119053d6b1bdd35d47e62f472 |
Url | 1 | https://www.virustotal.com/gui/file/69dc9dd8065692ea262850b617c621e6c1361e9095a90b653b26e3901597f586 |
Url | 1 | https://www.virustotal.com/gui/file/29f8524562c2436f42019e0fc473bd88584234c57979c7375c1ace3648784e4b |
Url | 1 | https://en.wikipedia.org/wiki/tcp_wrappers |
Url | 1 | https://en.wikipedia.org/wiki/fail2ban |
Url | 1 | https://www.akamai.com/blog/security-research/2024-redtail-cryptominer-pan-os-cve-exploit |
Url | 1 | https://xmrig.com/docs/miner |
Url | 1 | https://canvas.sans.edu/courses/409/assignments/4080?module_item_id=5346 |
Url | 1 | https://cyberchef.org/#recipe=from_hex |
Url | 17 | https://www.sans.edu/cyber-security-programs/bachelors-degree |