Linux/Redis.A!tr

Analysis

Linux/Redis.A!tr is a generic detection for a trojan.
Because this is a generic detection, samples detected as Linux/Redis.A!tr may vary in behaviour.
Below are some of the observed characteristics/behaviours:

  • This malware is written in Go.

  • It is related to CVE-2022-0543, a vulnerability in Redis, an in-memory data structure store.

  • The vulnerability may allow remote code execution by threat actors: a packaging issue in affected Redis builds made a Lua sandbox escape possible.

  • This malware has been associated with the following third-party articles/advisories:
    • https://nvd.nist.gov/vuln/detail/CVE-2022-0543
    • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0543

  • Following are some of the exact IOCs/file hashes associated with this detection:
    • MD5: a755eeede56cbce460138464bf79cacd
    • SHA256: d4238ffc217e039eaf5cc89cf387df58b67d01129b88e0b053e16c37ae09192d

Outbreak Alert

Go-based malware that exploits the Redis vulnerability CVE-2022-0543, allowing threat actors to drop the Redigo malware and gain access to the server.


Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine or delete files that are detected, and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date        Version    Detail
2023-02-27  91.00982
2022-12-05  90.08462