H2miner

Malware updated 6 months ago (2024-05-04T20:57:51.112Z)
Download STIX
Preview STIX
H2miner, also known as Kinsing, is a malicious software (malware) that primarily targets Linux systems to exploit their computing resources for illicit cryptocurrency mining. This malware is typically introduced into systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once installed, it can disrupt operations, steal personal information, and even hold data hostage for ransom. On November 20, 2023, cybersecurity researchers at Trend Micro discovered an active exploitation of a critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604. This vulnerability was being leveraged by cybercriminals to download and infect Linux systems with the Kinsing malware and a cryptocurrency miner. This attack technique has been previously associated with other malware families such as H2Miner and HeadCrab, which are known for illicitly mining cryptocurrency on compromised hosts. The exploitation of the Apache ActiveMQ vulnerability represents a significant security risk, as it allows the attacker to gain unauthorized access to sensitive data and system resources. It's crucial for organizations to keep their systems updated and patched against known vulnerabilities, and to employ robust cybersecurity measures to detect and prevent such intrusions. The discovery of this exploitation underscores the persistent threat posed by malware like h2miner and the importance of proactive cybersecurity strategies.
Description last updated: 2024-01-06T05:42:07.967Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Kinsing is a possible alias for H2miner. Kinsing is a malicious software, or malware, that has been recently observed exploiting vulnerabilities in systems. It operates by infiltrating computers or devices, often undetected, through suspicious downloads, emails, or websites. Once inside, Kinsing can wreak havoc by stealing personal informa
2
CVE-2023-46604 is a possible alias for H2miner. CVE-2023-46604 is a critical vulnerability identified in Apache ActiveMQ, specifically affecting versions prior to 5.15.16, 5.16.7, 5.17.6, and 5.18.3. This flaw, which lies within the Java OpenWire protocol marshaller, allows for Remote Code Execution (RCE) and has been assigned a maximum severity
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Apache
Exploit
Apache Activ...
Vulnerability
Activemq
Linux
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the H2miner Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more