Redigo

Malware updated 4 months ago (2024-05-04T20:57:43.238Z)
Redigo is a Go-based backdoor that targets Redis servers by exploiting CVE-2022-0543, a Lua sandbox escape in the Redis packages shipped by Debian and Ubuntu. It does not arrive through downloads, e-mail or malicious websites: it lands on Redis instances that are exposed to the network and still unpatched, and once installed it gives the operator remote command execution on the host. In recent attacks, Redigo and another malware family, Muhstik, compromised Redis instances and used them for denial-of-service (DoS), flooding and brute-force attacks against other systems.

CVE-2022-0543 has been exploited repeatedly against Redis servers by both the Muhstik and Redigo botnets. During 2022 the operators used it to enrol cloud instances into those botnets, which were then pointed at other systems for DoS and brute-force attacks. That pattern makes Redigo a significant threat to Redis deployments, alongside other families such as HeadCrab that have targeted Redis servers in recent months.

Fixed Redis packages for CVE-2022-0543 were published by the affected distributions in early 2022, before the Muhstik and Redigo campaigns that relied on it. The continued exploitation of a vulnerability with a patch available shows why exposed Redis instances need to be patched promptly, and why they should not be reachable from the internet without authentication in the first place.
Description last updated: 2024-01-06T06:54:33.105Z
Aliases: none currently tracked.
Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Vulnerability, Redis, Denial of Se...
Associated Vulnerabilities
ID: CVE-2022-0543
Type: Unspecified
Votes: 2
Profile Description: CVE-2022-0543 is a critical Lua sandbox escape in Redis, first disclosed in 2022. It affects the Redis packages built by Debian and Ubuntu, whose packaging exposes the Lua package library to EVAL scripts and so lets any client that can run EVAL load a native library and execute commands on the host; upstream Redis builds are not affected. The flaw has been exploited by P2PInfect, a self-replicating worm written in the Rust programming language. The
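A check a practitioner can run against their own Redis hosts for the exposure described in the Redigo summary and in the CVE-2022-0543 entry above, as an added example (not code from the Redigo report, from the P2PInfect write-ups, or from the Redis project): the distinguishing property of CVE-2022-0543 is that the affected Debian/Ubuntu builds expose Lua's package library (and so package.loadlib) to EVAL scripts, while upstream and patched builds do not. The script below asks the server for type(rawget(_G, 'package')) over RESP and loads nothing; rawget is used because Redis raises an error on reads of nonexistent globals, which would otherwise turn the patched-server case into an error reply. The verdict strings, the function names and the treatment of NOAUTH, NOPERM, DENIED and "unknown command" replies are this example's own choices, not anything the page or the cited reports define. Run it only against servers you are authorised to test.

```python
"""Non-destructive probe for CVE-2022-0543 exposure on a Redis server.

Example code added for illustration; not from the Redigo report or the
Redis project. The function and verdict names are this example's own.
"""
import socket
from typing import Optional, Tuple

# On the affected Debian/Ubuntu builds the Lua `package` library (and so
# package.loadlib) is reachable from EVAL scripts; upstream and patched
# builds never expose it. rawget bypasses the guard Redis puts on _G that
# errors on reads of nonexistent globals, so a patched server returns the
# string "nil" rather than an error.
PROBE_SCRIPT = "return type(rawget(_G, 'package'))"


class Incomplete(Exception):
    """The buffer does not yet hold a full RESP reply."""


def encode_command(*parts: str) -> bytes:
    """Encode a command as a RESP array of bulk strings (what redis-cli sends)."""
    out = [b"*%d\r\n" % len(parts)]
    for part in parts:
        data = part.encode()
        out.append(b"$%d\r\n%s\r\n" % (len(data), data))
    return b"".join(out)


def parse_reply(buf: bytes) -> Tuple[str, str]:
    """Parse one RESP reply into (kind, text).

    kind is 'simple', 'error', 'integer', 'bulk' or 'null'; raises
    Incomplete when more bytes are needed.
    """
    end = buf.find(b"\r\n")
    if end < 0:
        raise Incomplete
    prefix, line = chr(buf[0]), buf[1:end].decode(errors="replace")
    if prefix == "+":
        return "simple", line
    if prefix == "-":
        return "error", line
    if prefix == ":":
        return "integer", line
    if prefix == "$":
        length = int(line)
        if length < 0:
            return "null", ""
        body = buf[end + 2:end + 2 + length]
        if len(body) < length or buf[end + 2 + length:end + 4 + length] != b"\r\n":
            raise Incomplete
        return "bulk", body.decode(errors="replace")
    return "unknown", buf[:end].decode(errors="replace")


def classify(reply: bytes) -> str:
    """Turn the reply to the EVAL probe into a verdict string."""
    kind, text = parse_reply(reply)
    if kind == "bulk" and text == "table":
        return "vulnerable"            # package library reachable from Lua
    if kind == "bulk" and text == "nil":
        return "not-vulnerable"        # package absent: upstream or patched build
    if kind == "error":
        if text.startswith(("NOAUTH", "WRONGPASS")):
            return "auth-required"     # cannot tell without credentials
        if text.startswith("DENIED"):
            return "protected-mode"    # Redis refuses remote clients entirely
        if text.startswith("NOPERM") or "unknown command" in text.lower():
            return "eval-unavailable"  # ACL denies EVAL or it was renamed away
    return "unknown: %s %s" % (kind, text)


def read_reply(sock: socket.socket) -> bytes:
    """Read from the socket until one complete RESP reply is buffered."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
        try:
            parse_reply(buf)
            return buf
        except Incomplete:
            continue


def probe(host: str, port: int = 6379, password: Optional[str] = None,
          timeout: float = 3.0) -> str:
    """Connect, AUTH if a password was given, send the probe, return the verdict."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if password is not None:
            sock.sendall(encode_command("AUTH", password))
            if parse_reply(read_reply(sock))[0] == "error":
                return "auth-failed"
        sock.sendall(encode_command("EVAL", PROBE_SCRIPT, "0"))
        return classify(read_reply(sock))


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    secret = sys.argv[2] if len(sys.argv) > 2 else None
    print(target, probe(target, password=secret))
```

Confirm a "vulnerable" verdict against the installed package version (INFO server, or the distribution package database) before reporting it, and treat "eval-unavailable" as a mitigation only where the rename or ACL rule is deliberate: renaming EVAL away hides the entry point but does not remove the bug from the binary.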
Source Document References
Information about the Redigo malware was read from the documents corpus below.
Source | Created | Title
CERT-EU | a year ago | P2PInfect, a Rusty P2P worm targets Redis Servers on Linux and Windows systems - Security Affairs
CERT-EU | a year ago | P2PInfect: New Peer-to-Peer Worm Targeting Redis Servers
Unit42 | a year ago | P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm
Securityaffairs | a year ago | Experts discovered a previously undocumented initial access vector used by P2PInfect worm
CERT-EU | 2 years ago | New Cryptojacking Campaign Leverages Misconfigured Redis Database Servers
CERT-EU | a year ago | New P2P Worm Puts Windows and Linux Redis Servers in its Sights