virus logo Virus

Linux/Redis.CRAB!tr

description-logoAnalysis

Linux/Redis.CRAB!tr is a generic detection for a trojan.
Since this is a generic detection, malware that are detected as Linux/Redis.CRAB!tr may have varying behaviour.
Below are some of its observed characteristics/behaviours:

  • This malware is associated with the Redis RCE outbreak.

  • It is related to the CVE-2022-0543 vulnerability which is a vulnerability found in Redis, an in-memory data structure store.

  • The vulnerability may result in remote code execution by threat actors due to a packaging issue which would allow a Lua sandbox escape.

  • This malware has been associated with the following third party article/advisory. 
    • https://nvd.nist.gov/vuln/detail/CVE-2022-0543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0543

  • Following are some of the exact IOCs/file hashes associated with this detection:
    • Md5: c5b992c76b7c9fa3b9bd755dd3b5af76
      Sha256: 737261f600e93b79e15372a698120175e05cb7fab09d8d86cd2a887399a48188

recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extended
FortiClient
Extreme
FortiAPS
FortiAPU
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

Version Updates

Date Version Detail
2023-03-06 91.01184
2023-02-03 91.00245
ID 10122909
Released Feb 03, 2023
Description
Updated		 Feb 03, 2023
Aliases ELF:HeadCrab-A [Drp],Backdoor:Linux/HeadCrab!MTB