On September 12, 2018, the Alibaba Cloud Security team detected a large number of worm propagation incidents exploiting the unauthorized access vulnerability of Redis. The attacks were launched by servers infected by the worm.
Command-and-control server IP address: 220.127.116.11
The controlled servers access hxxps://pastebin.com/raw/5bjpjvLP to download malicious files and spread the worm to recipients.
Malicious IP address: 18.104.22.168
Event: Redis worm from a command-and-control server
Risk level: High