On September 12, 2018, the Alibaba Cloud Security team detected a large number of worm propagation incidents exploiting the unauthorized access vulnerability in Redis. The attacks were launched by servers that the worm had infected.

Command-and-control server IP address: 104.20.208.21

The controlled servers access hxxps://pastebin.com/raw/5bjpjvLP to download malicious files and spread the worm to recipients.

Malicious IP address: 104.20.208.21

Event: Redis worm from a command-and-control server

Risk level: High
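
One way to check outbound connection or proxy logs for the two indicators listed above, as an added example that is not part of the original advisory. The log layout, internal addresses and sample lines are constructed assumptions; only the IP address and the defanged URL come from the advisory.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators copied from the advisory, kept in its defanged notation.
DEFANGED_IOCS = ["104.20.208.21", "hxxps://pastebin.com/raw/5bjpjvLP"]

def refang(value):
    """Undo common defanging (hxxp, [.], (.)) so indicators compare cleanly."""
    value = re.sub(r"^hxxp", "http", value.strip(), flags=re.I)
    return value.replace("[.]", ".").replace("(.)", ".")

def build_matchers(iocs):
    """Split indicators into bare IPs and (host, path) pairs for URLs."""
    ips, urls = set(), set()
    for ioc in map(refang, iocs):
        if "://" in ioc:
            parts = urlsplit(ioc)
            urls.add((parts.hostname, parts.path))
        else:
            ips.add(ioc)
    return ips, urls

# Constructed sample; assumed layout: "<time> <src_ip> <dst_ip> <url-or-dash>".
# URLs are shown defanged here; refang() also accepts the plain form.
SAMPLE_LOG = """\
2018-09-12T03:10:01Z 10.0.0.5 104.20.208.21 -
2018-09-12T03:10:02Z 10.0.0.5 203.0.113.10 https://example.com/index.html
2018-09-12T03:10:05Z 10.0.0.9 104.20.208.21 hxxps://pastebin[.]com/raw/5bjpjvLP
2018-09-12T03:11:40Z 10.0.0.7 198.51.100.8 hxxps://PASTEBIN[.]com/raw/5bjpjvLP?x=1
2018-09-12T03:12:00Z 10.0.0.8 198.51.100.8 hxxps://pastebin[.]com/raw/other
"""

def find_hits(log_text, iocs=DEFANGED_IOCS):
    """Return {source_ip: sorted match reasons} for lines touching an indicator."""
    ips, urls = build_matchers(iocs)
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of aborting the scan
        _, src, dst, url = fields
        if dst in ips:
            hits[src].add("dst_ip")
        if url != "-":
            parts = urlsplit(refang(url))  # .hostname is already lower-cased
            if (parts.hostname, parts.path) in urls:
                hits[src].add("url")
    return {src: sorted(reasons) for src, reasons in hits.items()}
```

Matching on host and path rather than the raw string catches the same paste fetched with different letter case or an appended query string, while other pastes on the same site are ignored.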