Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics

Published 09/01/2025 10:25 · Modified 09/01/2025 10:39

Essential information

Published
09/01/2025 10:25
Modified
09/01/2025 10:39
Tags
2025-01-09 c3pool_miner cryptomining redtail
Related entities
1 vulnerability (CVE), 12 observables, 10 techniques (MITRE ATT&CK), 2 malware, 1 other

Description

This analysis focuses on Redtail, a cryptocurrency mining malware that stealthily installs itself on compromised systems. The malware uses two additional scripts: one to identify the CPU architecture and another to remove existing software. Observed attacks originated from IP addresses in the Netherlands and Bulgaria. The malware exploits weak root login credentials and uses SFTP to transfer its malicious files. Protection strategies include regular patching, robust antimalware solutions, disabling direct root logins, implementing SSH key-based authentication or TCP Wrappers, and using SIEM systems for centralized log monitoring. The evolving sophistication of Redtail highlights the need for comprehensive cybersecurity measures and continuous vigilance against advanced threats.

External references