Kinsing (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

elf.kinsing (Back to overview)

Kinsing

aka: h2miner

There is no description at this point.

References

2023-08-29 ⋅ Aquasec ⋅ Nitzan Yaakov, Assaf Morag
Kinsing Malware Exploits Novel Openfire Vulnerability
Kinsing

2022-09-14 ⋅ Trend Micro ⋅ Sunil Bharti
A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities
Kinsing

2022-07-18 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
Money Libra
Kinsing Kinsing

2022-06-07 ⋅ Lacework Labs ⋅ Chris Hall
Kinsing & Dark.IoT botnet among threats targeting CVE-2022-26134
Dark Kinsing

2022-03-02 ⋅ Bleeping Computer ⋅ Bill Toulas
Log4shell exploits now used mostly for DDoS botnets, cryptominers
Kinsing Tsunami BillGates

2022-02-09 ⋅ vmware ⋅ VMWare
Exposing Malware in Linux-Based Multi-Cloud Environments
ACBackdoor BlackMatter DarkSide Erebus HelloKitty Kinsing PLEAD QNAPCrypt RansomEXX REvil Sysrv-hello TeamTNT Vermilion Strike Cobalt Strike

2021-12-15 ⋅ Zscaler ⋅ Rubin Azad
ThreatLabz analysis - Log4Shell CVE-2021-44228 Exploit Attempts
Kinsing Mirai

2021-12-14 ⋅ Medium s2wlab ⋅ S2W TALON
Logs of Log4shell (CVE-2021-44228): log4j is ubiquitous
Kinsing Mirai Tsunami

2021-12-13 ⋅ Cado Security ⋅ Cado Security
Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228
Kinsing Mirai Tsunami

2021-09-20 ⋅ IBM ⋅ IBM SECURITY X-FORCE
2021 IBM SecurityX-Force Cloud Threat Landscape Report
Kaiji Kinsing Tsunami Xanthe XOR DDoS

2021-07-27 ⋅ Trend Micro ⋅ Alfredo Oliveira, David Fiser
Threat Actors Exploit Misconfigured Apache Hadoop YARN
Kinsing

2021-03-09 ⋅ CyberArk ⋅ Aluma Lavi Shaari
Kinsing: The Malware with Two Faces
Kinsing

2021-02-05 ⋅ Palo Alto Networks Unit 42 ⋅ Nadav Markus, Efi Barkayev, Gal De Leon
Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)
Kinsing

2020-12-21 ⋅ Intezer ⋅ Intezer
Top Linux Cloud Threats of 2020
AgeLocker AnchorDNS Blackrota Cloud Snooper Dacls Doki FritzFrog IPStorm Kaiji Kinsing NOTROBIN Penquin Turla PLEAD Prometei RansomEXX Stantinko TeamTNT TSCookie WellMail elf.wellmess TeamTNT

2020-11-24 ⋅ Trend Micro ⋅ Jaromír Hořejší, David Fiser
Analysis of Kinsing Malware's Use of Rootkit
Kinsing Kinsing

2020-11-23 ⋅ sysdig ⋅ Kaizhe Huang
Zoom into Kinsing
Kinsing Kinsing

2020-07-22 ⋅ Red Canary ⋅ Tony Lambert
Connecting Kinsing malware to Citrix and SaltStack campaigns
Kinsing

2020-05-11 ⋅ Intezer ⋅ Twitter (IntezerLabs)
Tweet on LD-PRELOAD userland rootkit
Kinsing

2020-04-03 ⋅ Aqua ⋅ Gal Singer
Kinsing Malware Attacks Targeting Container Environments
Kinsing Kinsing

2020-01-16 ⋅ Alibaba ⋅ Cang Po, Sang Duo
New Outbreak of h2Miner Worms Exploiting Redis RCE Detected
Kinsing

Yara Rules

[TLP:WHITE] elf_kinsing_w0 (20200901 | Rule to find Kinsing malware)

rule elf_kinsing_w0 {
    meta:
        description = "Rule to find Kinsing malware"
        author = "Tony Lambert, Red Canary"
        date = "2020-06-09"
        source = "https://raw.githubusercontent.com/Neo23x0/signature-base/master/yara/crime_h2miner_kinsing.yar"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/elf.kinsing"
        malpedia_rule_date = "20200901"
        malpedia_version = "20200901"
        malpedia_license = "CC BY-SA 4.0"
        malpedia_sharing = "TLP:WHITE"
    strings:
        $s1 = "-iL $INPUT --rate $RATE -p$PORT -oL $OUTPUT"
        $s2 = "libpcap"
        $s3 = "main.backconnect"
        $s4 = "main.masscan"
        $s5 = "main.checkHealth"
        $s6 = "main.redisBrute"
        $s7 = "ActiveC2CUrl"
        $s8 = "main.RC4"
        $s9 = "main.runTask"
    condition:
        (uint32(0) == 0x464C457F) and filesize > 1MB and all of them 
}

Download all Yara Rules

Kinsing Propose Change

References

Yara Rules

Kinsing