Kinsing (Malware Family)

elf.kinsing (Back to overview)

Kinsing

aka: h2miner

There is no description at this point.

References

2024-05-03 ⋅ Aqua Nautilus ⋅ Aqua Nautilus
Kinsing Demystified: A Comprehensive Technical Guide
Kinsing

2023-11-03 ⋅ Aqua Nautilus ⋅ Assaf Morag
Looney Tunables Vulnerability Exploited by Kinsing
Kinsing WSO

2023-08-29 ⋅ Aqua Nautilus ⋅ Assaf Morag, Nitzan Yaakov
Kinsing Malware Exploits Novel Openfire Vulnerability
Kinsing

2023-08-29 ⋅ Aquasec ⋅ Assaf Morag, Nitzan Yaakov
Kinsing Malware Exploits Novel Openfire Vulnerability
Kinsing

2022-09-14 ⋅ Trend Micro ⋅ Sunil Bharti
A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities
Kinsing

2022-07-18 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
Money Libra
Kinsing Kinsing

2022-06-11 ⋅ Twitter (@MsftSecIntel) ⋅ Microsoft Threat Intelligence
Tweet on DEV-0401, DEV-0234 exploiting Confluence RCE CVE-2022-26134
Kinsing Mirai Cobalt Strike Lilac Typhoon

2022-06-07 ⋅ Lacework Labs ⋅ Chris Hall
Kinsing & Dark.IoT botnet among threats targeting CVE-2022-26134
Dark Kinsing

2022-03-02 ⋅ Bleeping Computer ⋅ Bill Toulas
Log4shell exploits now used mostly for DDoS botnets, cryptominers
Kinsing Tsunami BillGates

2022-02-09 ⋅ vmware ⋅ VMWare
Exposing Malware in Linux-Based Multi-Cloud Environments
ACBackdoor BlackMatter DarkSide Erebus HelloKitty Kinsing PLEAD QNAPCrypt RansomEXX REvil Sysrv-hello TeamTNT Vermilion Strike Cobalt Strike

2021-12-22 ⋅ Aqua Nautilus ⋅ Assaf Morag
Stopping a DreamBus Botnet Attack with Aqua’s CNDR
DreamBus Kinsing

2021-12-15 ⋅ Zscaler ⋅ Rubin Azad
ThreatLabz analysis - Log4Shell CVE-2021-44228 Exploit Attempts
Kinsing Mirai

2021-12-14 ⋅ Medium s2wlab ⋅ S2W TALON
Logs of Log4shell (CVE-2021-44228): log4j is ubiquitous
Kinsing Mirai Tsunami

2021-12-13 ⋅ Cado Security ⋅ Cado Security
Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228
Kinsing Mirai Tsunami

2021-09-20 ⋅ IBM ⋅ IBM SECURITY X-FORCE
2021 IBM SecurityX-Force Cloud Threat Landscape Report
Kaiji Kinsing Tsunami Xanthe XOR DDoS

2021-07-27 ⋅ Trend Micro ⋅ Alfredo Oliveira, David Fiser
Threat Actors Exploit Misconfigured Apache Hadoop YARN
Kinsing

2021-03-09 ⋅ CyberArk ⋅ Aluma Lavi Shaari
Kinsing: The Malware with Two Faces
Kinsing

2021-02-05 ⋅ Palo Alto Networks Unit 42 ⋅ Efi Barkayev, Gal De Leon, Nadav Markus
Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)
Kinsing

2020-12-21 ⋅ Intezer ⋅ Intezer
Top Linux Cloud Threats of 2020
AgeLocker AnchorDNS Blackrota Cloud Snooper Dacls Doki FritzFrog IPStorm Kaiji Kinsing NOTROBIN Penquin Turla PLEAD Prometei RansomEXX Stantinko TeamTNT TSCookie WellMail elf.wellmess TeamTNT

2020-11-24 ⋅ Trend Micro ⋅ David Fiser, Jaromír Hořejší
Analysis of Kinsing Malware's Use of Rootkit
Kinsing Kinsing

2020-11-23 ⋅ sysdig ⋅ Kaizhe Huang
Zoom into Kinsing
Kinsing Kinsing

2020-07-22 ⋅ Red Canary ⋅ Tony Lambert
Connecting Kinsing malware to Citrix and SaltStack campaigns
Kinsing

2020-05-11 ⋅ Intezer ⋅ Twitter (IntezerLabs)
Tweet on LD-PRELOAD userland rootkit
Kinsing

2020-04-03 ⋅ Aqua ⋅ Gal Singer
Kinsing Malware Attacks Targeting Container Environments
Kinsing Kinsing

2020-01-16 ⋅ Alibaba ⋅ Cang Po, Sang Duo
New Outbreak of h2Miner Worms Exploiting Redis RCE Detected
Kinsing

Yara Rules

[TLP:WHITE] elf_kinsing_w0 (20200901 | Rule to find Kinsing malware)

rule elf_kinsing_w0 {
    meta:
        description = "Rule to find Kinsing malware"
        author = "Tony Lambert, Red Canary"
        date = "2020-06-09"
        source = "https://raw.githubusercontent.com/Neo23x0/signature-base/master/yara/crime_h2miner_kinsing.yar"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/elf.kinsing"
        malpedia_rule_date = "20200901"
        malpedia_version = "20200901"
        malpedia_license = "CC BY-SA 4.0"
        malpedia_sharing = "TLP:WHITE"
    strings:
        $s1 = "-iL $INPUT --rate $RATE -p$PORT -oL $OUTPUT"
        $s2 = "libpcap"
        $s3 = "main.backconnect"
        $s4 = "main.masscan"
        $s5 = "main.checkHealth"
        $s6 = "main.redisBrute"
        $s7 = "ActiveC2CUrl"
        $s8 = "main.RC4"
        $s9 = "main.runTask"
    condition:
        (uint32(0) == 0x464C457F) and filesize > 1MB and all of them 
}

Download all Yara Rules

Kinsing Propose Change

References

Yara Rules

Kinsing