APT / THREAT GROUP
RedTail
2 aliases
Last seen: Mar 17, 2026
Intelligence Profile
RedTail is cryptomining malware based on the open-source XMRig mining software. It spreads by exploiting known vulnerabilities such as:
- CVE-2024-3400
- CVE-2023-46805
- CVE-2024-21887
- CVE-2023-1389
- CVE-2022-22954
- CVE-2018-20062
Threat Analysis
RedTail is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning RedTail
Danger of Libredtail [Guest Diary], (Wed, Apr 29th)
SANS ISC · Apr 29, 2026
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
- elf.redtail
- RedTail
External Intelligence
Malpedia: elf.redtail
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.