PULSE NAME
Honeypot Recon: New Variant of SkidMap Targeting Redis
WHITE AlienVault 2023-08-02 Modified: 2023-08-02
12 IOCs
MEDIUM VOLUME
Since Redis is becoming increasingly popular around the world, we decided to investigate attacks on Redis instances. We didn’t have to wait long for the first results from the honeypot. The trap caught activity about which the Western world does not hear too often while analyzing SkidMap. More importantly, this variant turned out to be a new, improved, dangerous variation of the malware. Its level of sophistication surprised us quite a bit.
Indicators of Compromise (4 / 12 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 000916c60b2ab828ba8cea914c308999 MD5 of 9970809e1dedce286888f7d25790b4dcca1e704b 2023-08-02
FileHash-MD5 44de739950eb4a8a3552b4e1987e8ec2 MD5 of 0ae049aab363fb8d2e164150dffbafd332725e00 2023-08-02
FileHash-MD5 49ad1db4b61bb1f23cdcaeb546c6d154 2023-08-02
FileHash-MD5 e23b3c7eb5d68e3cd43e9e61a3055fe8 MD5 of 940f45f8a5dfb16281a35cd8303cd98c1ab1fabd 2023-08-02