Redigo Attack
New Go-based Redigo malware targets Redis server
Research by Aqua Nautilus uncovered new Go-based malware that targets Redis servers vulnerable to CVE-2022-0543. The vulnerability, found in the Lua scripting engine, allows threat actors to attack a Redis server, drop the Redigo malware and gain access to the server.
Common Vulnerabilities and Exposures
Background
Redis (remote dictionary server) is an open-source in-memory database and cache for Unix-like operating systems. The server has a built-in Lua scripting engine that allows users to upload and execute Lua scripts directly on the server, which helps them read and write data efficiently from scripts. The same vulnerability, CVE-2022-0543, was previously seen in a different malware attack called "Muhstik": https://blogs.juniper.net/en-us/security/muhstik-gang-targets-redis-servers
Threat Radar Overall Score: 3.8
CVSS Rating | 10.0
FortiRecon Score | 92/100
Known Exploited | Yes
Exploit Prediction Score | 97.14%
FortiGuard Telemetry | 90 |
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
February 18, 2022: Ubuntu published security advisory CVE-2022-0543 at https://ubuntu.com/security/CVE-2022-0543
December 01, 2022: Aqua Nautilus Discovers Redigo - A New Redis Backdoor Malware https://blog.aquasec.com/redigo-redis-backdoor-malware
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
AV: Detects malware payloads related to the Redis attack
Vulnerability: Detects vulnerable endpoints related to the Redigo attack
AV (Pre-filter): Detects malware payloads related to the Redis attack
IPS: Detects and blocks attack attempts related to the Redis server vulnerability (CVE-2022-0543)
Application Firewall: Detects and blocks attack attempts related to the Redis server vulnerability (CVE-2022-0543)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.