
Redigo Attack

Released: Dec 09, 2022


Medium Severity

Attack Type


New Go-based Redigo malware targets Redis server

Research by Aqua Nautilus uncovered new Go-based malware that targets Redis servers vulnerable to CVE-2022-0543. The vulnerability, CVE-2022-0543, is in the Lua scripting engine and allows threat actors to attack a Redis server, drop the Redigo malware, and gain access to the server.

Common Vulnerabilities and Exposures

CVE-2022-0543

Background

Redis (remote dictionary server) is an open-source in-memory database and cache that runs on Unix-like operating systems. The server has a built-in Lua scripting engine that lets users upload and execute Lua scripts directly on the server, which helps them read and write data from scripts efficiently. The same vulnerability, CVE-2022-0543, was previously seen in a different malware attack called "Muhstik": https://blogs.juniper.net/en-us/security/muhstik-gang-targets-redis-servers

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


February 18, 2022: Ubuntu published security advisory CVE-2022-0543 at https://ubuntu.com/security/CVE-2022-0543


December 01, 2022: Aqua Nautilus Discovers Redigo - A New Redis Backdoor Malware https://blog.aquasec.com/redigo-redis-backdoor-malware

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • AV

  • Vulnerability

  • AV (Pre-filter)

  • IPS

  • Application Firewall

DETECT
RESPOND
RECOVER
IDENTIFY

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.



Indicators of compromise
IOC Indicator List