216.73.216.6

Indicator (IOC)

yara Revoked AlienVault · Published 21/12/2025 05:56 · Modified 21/12/2025 05:56

Essential information

Value / Name: redtail_miner
Confidence: 100/100
Revoked: Yes
Valid from: 11/07/2024 22:35
Valid until: 14/10/2025 22:35
Pattern type: yara
Published: 21/12/2025 05:56
Modified: 21/12/2025 05:56
Author / Source: AlienVault

Description

redtail_miner YARA Rule for Red Tail Crypto Miner and Shell Script

Pattern

rule redtail_miner {
    meta:
        author = "Akamai SIRT"
        date = "06/24/2024"
        version = "1.0"
        description = "YARA Rule for Red Tail Crypto Miner and Shell Script"

    strings:
        // Commands from the dropper shell script: it clears any previous copy,
        // renames the architecture-specific payload to the hidden name .redtail,
        // and launches it silently with its argument.
        $a1 = "rm -rf .redtail"
        $a2 = "mv x86_64 .redtail"
        $a3 = "mv i686 .redtail"
        $a4 = "mv aarch64 .redtail"
        $a5 = "mv arm7 .redtail"
        $a6 = "./.redtail $1 > /dev/null 2>&1"

    condition:
        // Any two of the script fragments are enough to flag the file.
        2 of ($*)
}

Labels / Tags

Labels: cryptominer cve-2024-4577 gh0st rat muhstik php injection rat redtail vulnerability xmrig

Marking (TLP)

TLP:CLEAR

Related entities

No linked attack reports or intrusion sets yet.