<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>RedTail-Cryptominer on Detection.FYI</title>
    <link>https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/redtail-cryptominer/</link>
    <description>Recent content in RedTail-Cryptominer on Detection.FYI</description>
    <generator>Hugo -- gohugo.io</generator>
    <copyright> </copyright>
    <lastBuildDate>Wed, 01 Jul 2026 11:32:55 +0000</lastBuildDate><atom:link href="https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/redtail-cryptominer/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>RedTail Cryptominer User-Agent</title>
      <link>https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/redtail-cryptominer/web_malware_redtail_useragent/</link>
      <pubDate>Wed, 01 Jul 2026 11:32:55 +0000</pubDate>
      
      <guid>https://detection.fyi/sigmahq/sigma/emerging-threats/2026/malware/redtail-cryptominer/web_malware_redtail_useragent/</guid>
      <description>
        
          
            Detects inbound web requests using the &#34;libredtail-http&#34; User-Agent.
libredtail-http is a unique User-Agent string associated with a campaign of automated, malicious scans and attacks targeting exposed container environments and web applications,notably identified in activities stemming from late 2024 through early 2026.
It is primarily used by the RedTail cryptominer malware to identify and exploit vulnerabilities for deploying cryptocurrency miners.

          
          
        
      </description>
    </item>
    
  </channel>
</rss>
