APT / THREAT GROUP

RedTail

2 aliases
Last seen: Mar 17, 2026

Intelligence Profile

RedTail is cryptomining malware based on the open-source XMRig mining software. It spreads by exploiting known vulnerabilities such as:

- CVE-2024-3400

- CVE-2023-46805

- CVE-2024-21887

- CVE-2023-1389

- CVE-2022-22954

- CVE-2018-20062

Threat Analysis

RedTail is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

elf.redtail, RedTail

External Intelligence

Malpedia: elf.redtail

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.