On September 12, 2018, the Alibaba Cloud Security team detected a large number of worm propagation incidents exploiting the unauthorized access vulnerability in Redis. The attacks were launched from servers already infected by the worm.
Command-and-control server IP address: 188.8.131.52
The controlled servers access hxxps://pastebin.com/raw/5bjpjvLP to download malicious files and then spread the worm to other hosts.
Malicious IP address: 184.108.40.206
Event: Redis worm from a command-and-control server
Risk level: High