Redigo

Malware Profile Updated 2 months ago
Redigo is malware that targets Redis servers by exploiting CVE-2022-0543. It can reach systems through malicious downloads, emails, or websites, and once installed it can steal personal information, disrupt operations, or hold data for ransom. In recent attacks, Redigo, alongside the Muhstik malware, compromised Redis instances that were then used for denial-of-service (DoS), flooding, and brute-force attacks against other systems. CVE-2022-0543 has been exploited repeatedly in earlier campaigns against Redis servers by both the Muhstik and Redigo botnets. Last year, threat actors used it to enrol cloud instances into these botnets, which were then directed at DoS and brute-force attacks against various targets. This pattern of exploitation has made Redigo a significant threat to Redis servers, following other malware families such as HeadCrab that have targeted these servers in recent months. Patches for CVE-2022-0543 were released in April 2022. Despite that, the continued exploitation of this vulnerability underscores the need for constant vigilance and timely patching of known vulnerabilities to protect systems from such malware.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Headcrab | 1 | HeadCrab is a sophisticated malware that targets Redis servers, a popular in-memory data structure store often used as a database or cache. First detected by Aqua Security in September 2021, HeadCrab has evolved to operate in memory, making it harder for antivirus systems to detect. It is estimated
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Redis
Denial of Se...
Exploit
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2022-0543 | Unspecified | 2 | CVE-2022-0543 is a critical vulnerability in software design or implementation that was first identified in 2022. This flaw, known as a Lua sandbox escape vulnerability, affects Redis instances and has been exploited by P2PInfect, a self-replicating worm written in the Rust programming language. The
Source Document References
Information about the Redigo malware was read from the document corpus below.
Source | Created At | Title
CERT-EU | a year ago | P2PInfect, a Rusty P2P worm targets Redis Servers on Linux and Windows systems - Security Affairs
CERT-EU | a year ago | P2PInfect: New Peer-to-Peer Worm Targeting Redis Servers
Unit42 | a year ago | P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm
Securityaffairs | a year ago | Experts discovered a previously undocumented initial access vector used by P2PInfect worm
CERT-EU | a year ago | New Cryptojacking Campaign Leverages Misconfigured Redis Database Servers
CERT-EU | a year ago | New P2P Worm Puts Windows and Linux Redis Servers in its Sights