← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining
Recently, we wrote an article about more than 8,000 unsecured Redis instances found in the cloud. In this article, we expound on how these instances can be abused to perform remote code execution (RCE), as demonstrated by malware samples captured in the wild. These malicious files have been found to turn Redis instances into cryptocurrency-mining bots and have been discovered to infect other vulnerable instances via their “wormlike” spreading capability.
Indicators of Compromise (11 / 53 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 2b816fd2ff992e07f3f9fb3f27787c8a | — | 2020-04-22 | |
| FileHash-MD5 | 8a80faa8369404d362104eff0720bf62 | — | 2020-04-22 | |
| FileHash-MD5 | 291dd7d9a2062d07976b14f7d9683d35 | — | 2020-04-22 | |
| FileHash-MD5 | e3d0432180db8c901874b518b28e0ec2 | — | 2020-04-22 | |
| FileHash-MD5 | 0784af35182af63691d420a2af9d2b09 | MD5 of 37ecccdfc185615d4452b5c77b7313222b14776c3032c156846258c8f63185fe | 2020-04-22 | |
| FileHash-MD5 | 0813a0630f866571310be9ba3e42a9c5 | MD5 of 6faa026af253c784ef97ffec3a9953055d394061a9a1fbfdcc5b28445b73ffdc | 2020-04-22 | |
| FileHash-MD5 | 80e06b1879461ac9fc7f4b3846641817 | MD5 of d0a28e1f768c524ed3ff962c36ab2861705cdd4fd83ee5b3dc8d897f2034cb05 | 2020-04-22 | |
| FileHash-MD5 | 149c79bf71a54ec41f6793819682f790 | MD5 of e7446d595854b6bac01420378176d1193070ef776788af12300eb77e0a397bf7 | 2020-04-22 | |
| FileHash-MD5 | 97f3dab8aa665aac5200485fc23b9248 | MD5 of 559a8ff34cf807e508d32e3a28864c687263587fe4ffdcefe3f462a7072dcc74 | 2020-04-22 | |
| FileHash-MD5 | a71ad3167f9402d8c5388910862b16ae | MD5 of d247687e9bdb8c4189ac54d10efd29aee12ca2af78b94a693113f382619a175b | 2020-04-22 | |
| FileHash-MD5 | 1692020039cb723c351aa1a6a9b03fdc | MD5 of 24fdf5b1e1e8086031931f2678d874487316dc1e266581b328d6e34a1fd7748c | 2020-04-22 |