{
  "name": "RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit",
  "slug": "redtail-cryptominer-threat-actors-adopt-pan-os-cve-2024-3400-exploit",
  "description": "Threat actors behind the RedTail cryptomining malware, initially reported in early 2024, have added an exploit for the recent Palo Alto PAN-OS CVE-2024-3400 vulnerability to their toolkit. The malware spreads by using at least six different web exploits, targeting Internet of Things (IoT) devices (such as TP-Link routers), web applications (including the China-origin content management system ThinkPHP), SSL-VPNs, and security devices like Ivanti Connect Secure and Palo Alto GlobalProtect.",
  "published": "2024-05-31T11:41:16+00:00",
  "created_at": "2024-05-31T11:41:16+00:00",
  "modified_at": "2024-05-31T12:03:35+00:00",
  "created_at_opencti": "2024-05-31T11:41:16+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-05-31",
    "cryptominer",
    "ssl-vpns"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "94.74.75.19"
      },
      {
        "id": "",
        "name": "78.153.140.51"
      },
      {
        "id": "",
        "name": "94.156.79.129"
      },
      {
        "id": "",
        "name": "68.170.165.36"
      },
      {
        "id": "",
        "name": "34.127.194.11"
      },
      {
        "id": "",
        "name": "185.216.70.138"
      },
      {
        "id": "",
        "name": "94.156.79.60"
      },
      {
        "id": "",
        "name": "193.222.96.163"
      },
      {
        "id": "",
        "name": "79.110.62.25"
      },
      {
        "id": "",
        "name": "proxies.identitynetwork.top"
      }
    ],
    "malware": [
      {
        "id": "6caba07f-d1b1-41ce-81db-00585af6d173",
        "name": "RedTail",
        "slug": "redtail"
      },
      {
        "id": "b47ae496-67ba-45d8-beb1-b0c3d1914d45",
        "name": "Trojan:Win64/XMRigMiner",
        "slug": "trojanwin64xmrigminer"
      }
    ],
    "attack_patterns": [
      {
        "id": "820fbdf8-7db2-4292-9a60-7eed3567be8d",
        "name": "T1210"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "64cdebc9-0fb4-48f2-bf4f-b87f3741f664",
        "name": "T1068"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2024-21887"
      },
      {
        "id": "",
        "name": "CVE-2023-46805"
      },
      {
        "id": "",
        "name": "CVE-2024-3400"
      }
    ]
  },
  "external_refs": [
    "https://www.akamai.com/blog/security-research/2024/may/2024-redtail-cryptominer-pan-os-cve-exploit",
    "https://otx.alienvault.com/pulse/6659d37c3ff8eac1818062b6"
  ]
}