elf.kinsing

Kinsing

aka: h2miner

There is no description at this point.

References
2023-08-29 | Aquasec | Assaf Morag, Nitzan Yaakov
Kinsing Malware Exploits Novel Openfire Vulnerability
Kinsing
2022-09-14 | Trend Micro | Sunil Bharti
A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities
Kinsing
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
Money Libra
Kinsing Kinsing
2022-06-11 | Twitter (@MsftSecIntel) | Microsoft Threat Intelligence
Tweet on DEV-0401, DEV-0234 exploiting Confluence RCE CVE-2022-26134
Kinsing Mirai Cobalt Strike
2022-06-07 | Lacework Labs | Chris Hall
Kinsing & Dark.IoT botnet among threats targeting CVE-2022-26134
Dark Kinsing
2022-03-02 | Bleeping Computer | Bill Toulas
Log4shell exploits now used mostly for DDoS botnets, cryptominers
Kinsing Tsunami BillGates
2022-02-09 | vmware | VMWare
Exposing Malware in Linux-Based Multi-Cloud Environments
ACBackdoor BlackMatter DarkSide Erebus HelloKitty Kinsing PLEAD QNAPCrypt RansomEXX REvil Sysrv-hello TeamTNT Vermilion Strike Cobalt Strike
2021-12-15 | Zscaler | Rubin Azad
ThreatLabz analysis - Log4Shell CVE-2021-44228 Exploit Attempts
Kinsing Mirai
2021-12-14 | Medium s2wlab | S2W TALON
Logs of Log4shell (CVE-2021-44228): log4j is ubiquitous
Kinsing Mirai Tsunami
2021-12-13 | Cado Security | Cado Security
Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228
Kinsing Mirai Tsunami
2021-09-20 | IBM | IBM SECURITY X-FORCE
2021 IBM Security X-Force Cloud Threat Landscape Report
Kaiji Kinsing Tsunami Xanthe XOR DDoS
2021-07-27 | Trend Micro | Alfredo Oliveira, David Fiser
Threat Actors Exploit Misconfigured Apache Hadoop YARN
Kinsing
2021-03-09 | CyberArk | Aluma Lavi Shaari
Kinsing: The Malware with Two Faces
Kinsing
2021-02-05 | Palo Alto Networks Unit 42 | Efi Barkayev, Gal De Leon, Nadav Markus
Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)
Kinsing
2020-12-21 | Intezer | Intezer
Top Linux Cloud Threats of 2020
AgeLocker AnchorDNS Blackrota Cloud Snooper Dacls Doki FritzFrog IPStorm Kaiji Kinsing NOTROBIN Penquin Turla PLEAD Prometei RansomEXX Stantinko TeamTNT TSCookie WellMail elf.wellmess TeamTNT
2020-11-24 | Trend Micro | David Fiser, Jaromír Hořejší
Analysis of Kinsing Malware's Use of Rootkit
Kinsing Kinsing
2020-11-23 | sysdig | Kaizhe Huang
Zoom into Kinsing
Kinsing Kinsing
2020-07-22 | Red Canary | Tony Lambert
Connecting Kinsing malware to Citrix and SaltStack campaigns
Kinsing
2020-05-11 | Intezer | Twitter (IntezerLabs)
Tweet on LD-PRELOAD userland rootkit
Kinsing
2020-04-03 | Aqua | Gal Singer
Kinsing Malware Attacks Targeting Container Environments
Kinsing Kinsing
2020-01-16 | Alibaba | Cang Po, Sang Duo
New Outbreak of h2Miner Worms Exploiting Redis RCE Detected
Kinsing
Yara Rules
[TLP:WHITE] elf_kinsing_w0 (20200901 | Rule to find Kinsing malware)
rule elf_kinsing_w0 {
    meta:
        description = "Rule to find Kinsing malware"
        author = "Tony Lambert, Red Canary"
        date = "2020-06-09"
        source = "https://raw.githubusercontent.com/Neo23x0/signature-base/master/yara/crime_h2miner_kinsing.yar"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/elf.kinsing"
        malpedia_rule_date = "20200901"
        malpedia_version = "20200901"
        malpedia_license = "CC BY-SA 4.0"
        malpedia_sharing = "TLP:WHITE"
    strings:
        $s1 = "-iL $INPUT --rate $RATE -p$PORT -oL $OUTPUT"
        $s2 = "libpcap"
        $s3 = "main.backconnect"
        $s4 = "main.masscan"
        $s5 = "main.checkHealth"
        $s6 = "main.redisBrute"
        $s7 = "ActiveC2CUrl"
        $s8 = "main.RC4"
        $s9 = "main.runTask"
    condition:
        (uint32(0) == 0x464C457F) and filesize > 1MB and all of them 
}