Kinsing

Malware updated 3 months ago (2024-08-14T09:38:17.955Z)
Download STIX
Preview STIX
Kinsing is a malicious software, or malware, that has been recently observed exploiting vulnerabilities in systems. It operates by infiltrating computers or devices, often undetected, through suspicious downloads, emails, or websites. Once inside, Kinsing can wreak havoc by stealing personal information, disrupting operations, or even holding data for ransom. In recent attacks, Kinsing threat actors have been probing the Looney Tunables flaws, as reported on securityaffairs.com. The Kinsing malware was further analyzed using the open-source tool Sysdig. During this analysis, it was discovered that Kinsing wrote to a file named /tmp/kdevtmpfsi. This action was detected during a deep dive into the system calls executed from Kinsing, providing valuable insight into its behavior and operational tactics. The use of Sysdig open source allowed for a closer examination of the malware's activities, particularly when it was running in a honeypot project. In conclusion, Kinsing presents a significant cybersecurity threat due to its ability to exploit system vulnerabilities and carry out harmful actions undetected. Its recent activity involving the Looney Tunables flaws underscores the need for robust security measures and constant vigilance. Tools like Sysdig open source offer invaluable resources for understanding and combatting threats such as Kinsing, enabling researchers to study its behaviors and devise effective countermeasures.
Description last updated: 2024-08-14T08:50:42.150Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Money Libra is a possible alias for Kinsing. Money Libra, also known as Kinsing, is a malicious software (malware) that has been active since late 2021. This malware primarily targets cloud-native environments and applications such as Kubernetes clusters, Docker API, Redis, Jenkins and Openfire servers, and cloud-hosted Apache NiFi instances,
3
H2miner is a possible alias for Kinsing. H2miner, also known as Kinsing, is a malicious software (malware) that primarily targets Linux systems to exploit their computing resources for illicit cryptocurrency mining. This malware is typically introduced into systems through suspicious downloads, emails, or websites, often unbeknownst to the
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Linux
Vulnerability
Malware
Exploits
Apache Activ...
Activemq
Redis
Docker
Apache
Rootkit
Bitcoin
Kubernetes
Botnet
Cryptominer
Jenkins
Cybercrime
Payload
Source
Ddos
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Mirai Malware is associated with Kinsing. Mirai is a type of malware that specifically targets Internet of Things (IoT) devices to create a botnet, which can then be used for various malicious activities. The Mirai botnet had a significant impact in early 2022, accounting for over 7 million botnet detections globally. However, there was a 9Unspecified
3
The Mozi Malware is associated with Kinsing. Mozi is a type of malware, a malicious software designed to exploit and damage computer systems and devices. It typically infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even Unspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The Looney Tunables Vulnerability is associated with Kinsing. Looney Tunables is a significant vulnerability in Linux software design and implementation, which has been exploited by various threat actors. This flaw allows for local privilege escalation, providing unauthorized users with elevated access rights within a Linux environment. Multiple experts have rhas used
6
The CVE-2023-46604 Vulnerability is associated with Kinsing. CVE-2023-46604 is a critical vulnerability identified in Apache ActiveMQ, specifically affecting versions prior to 5.15.16, 5.16.7, 5.17.6, and 5.18.3. This flaw, which lies within the Java OpenWire protocol marshaller, allows for Remote Code Execution (RCE) and has been assigned a maximum severity Unspecified
4
The CVE-2023-4911 Vulnerability is associated with Kinsing. CVE-2023-4911, also known as the "Looney Tunables" vulnerability, is a significant software flaw found in the GNU C Library (glibc), specifically within its dynamic loader ld.so. This buffer overflow issue occurs when processing the GLIBC_TUNABLES environment variable, enabling threat actors to execUnspecified
4
The CVE-2017-9841 Vulnerability is associated with Kinsing. CVE-2017-9841 is a critical vulnerability in the PHP testing framework, PHPUnit. It is a software flaw that allows attackers to gain initial access to systems by exploiting it to download and execute a Perl script, thereby opening a reverse shell on the compromised machine. This vulnerability was acUnspecified
2
The Log4Shell Vulnerability is associated with Kinsing. Log4Shell is a critical vulnerability in the popular Java library Log4j, identified by CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105. This flaw in software design or implementation can allow cybercriminals to execute arbitrary code on affected systems remotely. The vulnerability was widely explUnspecified
2
Source Document References
Information about the Kinsing Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
3 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
Securityaffairs
3 months ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago
Securityaffairs
5 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
7 months ago
DARKReading
7 months ago
Securityaffairs
7 months ago
Securityaffairs
7 months ago
Securityaffairs
7 months ago
Securityaffairs
7 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago