Common Information
Type Value
Value
rule Linux_Kinsing_Malware {
	meta:
		description = "Detects Kinsing Malware"
		author = " [email protected] "
		date = "2021-12-11"
		license = "Apache License 2.0"
		hash1 = "6e25ad03103a1a972b78c642bac09060fa79c460011dc5748cbb433cc459938b"
	strings:
		$a1 = "main.goKrongo"
		$a2 = "main.taskWithScanWorker"
		$a3 = "main.runTaskWithHttp"
		$a5 = "main.getMinerPid"
		$a6 = "main.sendResult"
		$a7 = "main.minerRunningCheck"
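	condition:
		// 0x457f is the first two bytes of the ELF magic (0x7f 'E') read as a little-endian uint16,
		// so the rule only fires on ELF files that also contain at least 4 of the 6 strings above
		uint16(0) == 0x457f and 4 of them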
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2021-12-13 60 Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228 - Cado Security | Cloud Investigation