elf.kinsing

Kinsing

aka: h2miner

There is no description at this point.

References
2021-07-27 | Trend Micro | Alfredo Oliveira, David Fiser
@online{oliveira:20210727:threat:dd84d57, author = {Alfredo Oliveira and David Fiser}, title = {{Threat Actors Exploit Misconfigured Apache Hadoop YARN}}, date = {2021-07-27}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/g/threat-actors-exploit-misconfigured-apache-hadoop-yarn.html}, language = {English}, urldate = {2021-08-31} }
Threat Actors Exploit Misconfigured Apache Hadoop YARN
Kinsing

2021-03-09 | CyberArk | Aluma Lavi Shaari
@online{shaari:20210309:kinsing:bd68431, author = {Aluma Lavi Shaari}, title = {{Kinsing: The Malware with Two Faces}}, date = {2021-03-09}, organization = {CyberArk}, url = {https://www.cyberark.com/resources/threat-research-blog/kinsing-the-malware-with-two-faces}, language = {English}, urldate = {2021-03-11} }
Kinsing: The Malware with Two Faces
Kinsing

2021-02-05 | Palo Alto Networks Unit 42 | Nadav Markus, Efi Barkayev, Gal De Leon
@online{markus:20210205:exploits:3fbf70d, author = {Nadav Markus and Efi Barkayev and Gal De Leon}, title = {{Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)}}, date = {2021-02-05}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cve-2020-25213/}, language = {English}, urldate = {2021-02-09} }
Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)
Kinsing

2020-12-21 | Intezer | Intezer
@online{intezer:20201221:top:9529707, author = {Intezer}, title = {{Top Linux Cloud Threats of 2020}}, date = {2020-12-21}, organization = {Intezer}, url = {https://www.intezer.com/blog/cloud-security/top-linux-cloud-threats-of-2020/}, language = {English}, urldate = {2020-12-26} }
Top Linux Cloud Threats of 2020
AgeLocker, Anchor_DNS, Blackrota, Cloud Snooper, Dacls, Doki, FritzFrog, IPStorm, Kaiji, Kinsing, NOTROBIN, Penquin Turla, PLEAD, Prometei, RansomEXX, Stantinko, TeamTNT, TSCookie, WellMail, elf.wellmess, TeamTNT

2020-11-24 | Trend Micro | Jaromír Hořejší, David Fiser
@online{hoej:20201124:analysis:9e93ede, author = {Jaromír Hořejší and David Fiser}, title = {{Analysis of Kinsing Malware's Use of Rootkit}}, date = {2020-11-24}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/20/k/analysis-of-kinsing-malwares-use-of-rootkit.html}, language = {English}, urldate = {2020-11-25} }
Analysis of Kinsing Malware's Use of Rootkit
Kinsing

2020-07-22 | Red Canary | Tony Lambert
@online{lambert:20200722:connecting:eb1b19a, author = {Tony Lambert}, title = {{Connecting Kinsing malware to Citrix and SaltStack campaigns}}, date = {2020-07-22}, organization = {Red Canary}, url = {https://redcanary.com/blog/kinsing-malware-citrix-saltstack/}, language = {English}, urldate = {2020-07-30} }
Connecting Kinsing malware to Citrix and SaltStack campaigns
Kinsing

2020-05-11 | Intezer | Twitter (IntezerLabs)
@online{intezerlabs:20200511:ldpreload:b3e622b, author = {Twitter (IntezerLabs)}, title = {{Tweet on LD-PRELOAD userland rootkit}}, date = {2020-05-11}, organization = {Intezer}, url = {https://twitter.com/IntezerLabs/status/1259818964848386048}, language = {English}, urldate = {2020-05-18} }
Tweet on LD-PRELOAD userland rootkit
Kinsing

2020-04-03 | Aqua | Gal Singer
@online{singer:20200403:kinsing:e67c720, author = {Gal Singer}, title = {{Kinsing Malware Attacks Targeting Container Environments}}, date = {2020-04-03}, organization = {Aqua}, url = {https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability}, language = {English}, urldate = {2020-04-13} }
Kinsing Malware Attacks Targeting Container Environments
Kinsing

2020-01-16 | Alibaba | Cang Po, Sang Duo
@online{po:20200116:new:e2639f7, author = {Cang Po and Sang Duo}, title = {{New Outbreak of h2Miner Worms Exploiting Redis RCE Detected}}, date = {2020-01-16}, organization = {Alibaba}, url = {https://www.alibabacloud.com/blog/new-outbreak-of-h2miner-worms-exploiting-redis-rce-detected_595743}, language = {English}, urldate = {2020-05-18} }
New Outbreak of h2Miner Worms Exploiting Redis RCE Detected
Kinsing
Yara Rules
[TLP:WHITE] elf_kinsing_w0 (20200901 | Rule to find Kinsing malware)
rule elf_kinsing_w0 {
    meta:
        description = "Rule to find Kinsing malware"
        author = "Tony Lambert, Red Canary"
        date = "2020-06-09"
        source = "https://raw.githubusercontent.com/Neo23x0/signature-base/master/yara/crime_h2miner_kinsing.yar"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/elf.kinsing"
        malpedia_rule_date = "20200901"
        malpedia_version = "20200901"
        malpedia_license = "CC BY-SA 4.0"
        malpedia_sharing = "TLP:WHITE"
    strings:
        $s1 = "-iL $INPUT --rate $RATE -p$PORT -oL $OUTPUT"
        $s2 = "libpcap"
        $s3 = "main.backconnect"
        $s4 = "main.masscan"
        $s5 = "main.checkHealth"
        $s6 = "main.redisBrute"
        $s7 = "ActiveC2CUrl"
        $s8 = "main.RC4"
        $s9 = "main.runTask"
    condition:
        (uint32(0) == 0x464C457F) and filesize > 1MB and all of them
}