Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 15:34:18 UTC
Home > List all groups > List all tools > List all groups using tool RedXOR
 Tool: RedXOR
Names RedXOR
Category Malware
Type Backdoor
Description
(Intezer) The backdoor masquerades itself as polkit daemon. We named it RedXOR for its
network data encoding scheme based on XOR. The malware was compiled on Red Hat
Enterprise Linux.
Information
Malpedia Last change to this tool card: 24 April 2021
Download this tool card in JSON format
All groups using tool RedXOR
Changed Name Country Observed
APT groups
 APT 41 2012-Jul 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=10d35a97-d879-42e5-90ba-d6c881d5165b
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=10d35a97-d879-42e5-90ba-d6c881d5165b
Page 1 of 1