Linux/Redis.CRAB!tr
Analysis
Linux/Redis.CRAB!tr is a generic detection for a trojan.
Since this is a generic detection, malware that are detected as Linux/Redis.CRAB!tr may have varying behaviour.
Below are some of its observed characteristics/behaviours:
- This malware is associated with the Redis RCE outbreak.
- It is related to the CVE-2022-0543 vulnerability which is a vulnerability found in Redis, an in-memory data structure store.
- The vulnerability may result in remote code execution by threat actors due to a packaging issue which would allow a Lua sandbox escape.
- This malware has been associated with the following third party article/advisory.
https://nvd.nist.gov/vuln/detail/CVE-2022-0543 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0543
- Md5: c5b992c76b7c9fa3b9bd755dd3b5af76
Sha256: 737261f600e93b79e15372a698120175e05cb7fab09d8d86cd2a887399a48188
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiGate | |
---|---|
Extended | |
FortiClient | |
Extreme | |
FortiAPS | |
FortiAPU | |
FortiMail | |
Extreme | |
FortiSandbox | |
Extreme | |
FortiWeb | |
Extreme | |
Web Application Firewall | |
Extreme | |
FortiIsolator | |
Extreme | |
FortiDeceptor | |
Extreme | |
FortiEDR |