Kinsing Demystified
Common Information
| Type | Value |
|---|---|
| UUID | 4086eb79-a856-4dbd-834c-f3fc2656afbe |
| Fingerprint | cc4945d6420a16827de5a4d780ab3eb26e1f6aa996c0c384a0a6939a5c516f7f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 3, 2024, 10:49 a.m. |
| Added to db | May 14, 2024, 8:21 p.m. |
| Last updated | Aug. 31, 2024, 6:43 a.m. |
| Headline | Kinsing Demystified |
| Title | Kinsing Demystified |
| Detected Hints/Tags/Attributes | 245/3/196 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 161 | cve-2019-19781 |
|
| Details | CVE | 27 | cve-2020-14883 |
|
| Details | CVE | 397 | cve-2021-44228 |
|
| Details | CVE | 122 | cve-2022-26134 |
|
| Details | CVE | 16 | cve-2020-11651 |
|
| Details | CVE | 19 | cve-2020-7961 |
|
| Details | CVE | 27 | cve-2023-32315 |
|
| Details | CVE | 44 | cve-2021-41773 |
|
| Details | CVE | 1 | cve-2017-15718 |
|
| Details | CVE | 2 | cve-2020-17519 |
|
| Details | CVE | 3 | cve-2023-35042 |
|
| Details | CVE | 13 | cve-2018-1000861 |
|
| Details | CVE | 43 | cve-2021-22205 |
|
| Details | CVE | 9 | cve-2023-25194 |
|
| Details | CVE | 10 | cve-2019-7609 |
|
| Details | CVE | 2 | cve-2016-4326 |
|
| Details | CVE | 77 | cve-2020-5902 |
|
| Details | CVE | 80 | cve-2021-26084 |
|
| Details | CVE | 2 | cve-2019-17564 |
|
| Details | CVE | 1 | cve-2020-10684 |
|
| Details | CVE | 4 | cve-2022-24706 |
|
| Details | CVE | 1 | cve-2020-9480 |
|
| Details | CVE | 1 | cve-2020-11854 |
|
| Details | CVE | 16 | cve-2021-3129 |
|
| Details | CVE | 3 | cve-2018-16509 |
|
| Details | CVE | 17 | cve-2017-7494 |
|
| Details | CVE | 33 | cve-2017-9841 |
|
| Details | CVE | 20 | cve-2022-22947 |
|
| Details | CVE | 27 | cve-2022-24086 |
|
| Details | CVE | 51 | cve-2023-33246 |
|
| Details | CVE | 17 | cve-2019-11043 |
|
| Details | CVE | 11 | cve-2020-15505 |
|
| Details | CVE | 5 | cve-2019-0193 |
|
| Details | CVE | 2 | cve-2016-5734 |
|
| Details | CVE | 16 | cve-2022-33891 |
|
| Details | CVE | 68 | cve-2020-14882 |
|
| Details | CVE | 27 | cve-2020-14750 |
|
| Details | CVE | 1 | cve-2019-19609 |
|
| Details | CVE | 11 | cve-2022-24990 |
|
| Details | CVE | 8 | cve-2020-25213 |
|
| Details | CVE | 6 | cve-2017-11610 |
|
| Details | CVE | 23 | cve-2022-29464 |
|
| Details | CVE | 1 | cve-2020-23814 |
|
| Details | Domain | 1 | ci.sh |
|
| Details | Domain | 1 | rv.sh |
|
| Details | Domain | 1 | vocaltube.ru |
|
| Details | Domain | 13 | libsystem.so |
|
| Details | Domain | 117 | ld.so |
|
| Details | Domain | 145 | libc.so |
|
| Details | Domain | 1 | pg2.sh |
|
| Details | Domain | 8 | www.aquasec.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | scg.sh |
|
| Details | Domain | 1 | sup.sh |
|
| Details | Domain | 2 | wpf.sh |
|
| Details | Domain | 1 | an.sh |
|
| Details | Domain | 1 | cp2.sh |
|
| Details | Domain | 4 | do.sh |
|
| Details | Domain | 6 | ex.sh |
|
| Details | Domain | 1 | hb.sh |
|
| Details | Domain | 1 | kn.sh |
|
| Details | Domain | 1 | ku.sh |
|
| Details | Domain | 1 | lf.sh |
|
| Details | Domain | 4 | lh2.sh |
|
| Details | Domain | 1 | lr.sh |
|
| Details | Domain | 1 | md.sh |
|
| Details | Domain | 4 | mo.sh |
|
| Details | Domain | 3 | ni.sh |
|
| Details | Domain | 1 | pa.sh |
|
| Details | Domain | 2 | pg.sh |
|
| Details | Domain | 1 | ph2.sh |
|
| Details | Domain | 1 | sa.sh |
|
| Details | Domain | 4 | sc.sh |
|
| Details | Domain | 1 | sp.sh |
|
| Details | Domain | 1 | st.sh |
|
| Details | Domain | 1 | tf.sh |
|
| Details | Domain | 1 | tm.sh |
|
| Details | Domain | 1 | tr.sh |
|
| Details | Domain | 1 | vb.sh |
|
| Details | Domain | 1 | ws.sh |
|
| Details | Domain | 2 | spr.sh |
|
| Details | Domain | 2 | unk.sh |
|
| Details | Domain | 1 | lr2.sh |
|
| Details | Domain | 1 | tr2.sh |
|
| Details | Domain | 1 | vml.sh |
|
| Details | Domain | 1 | se.sh |
|
| Details | Domain | 2 | ae.sh |
|
| Details | Domain | 6 | ap.sh |
|
| Details | Domain | 1 | bg.sh |
|
| Details | Domain | 1 | ce.sh |
|
| Details | Domain | 3 | cf.sh |
|
| Details | Domain | 1 | cp.sh |
|
| Details | Domain | 2 | ge.sh |
|
| Details | Domain | 1 | gi.sh |
|
| Details | Domain | 1 | gl.sh |
|
| Details | Domain | 2 | ki.sh |
|
| Details | Domain | 9 | lh.sh |
|
| Details | Domain | 4 | mi.sh |
|
| Details | Domain | 1 | mt.sh |
|
| Details | Domain | 1 | ph.sh |
|
| Details | Domain | 1 | py.sh |
|
| Details | Domain | 3 | rm.sh |
|
| Details | Domain | 1 | sm.sh |
|
| Details | Domain | 1 | vm.sh |
|
| Details | Domain | 2 | xx.sh |
|
| Details | Domain | 1 | kos.sh |
|
| Details | Domain | 1 | tc.sh |
|
| Details | Domain | 2 | acb.sh |
|
| Details | Domain | 13 | cron.sh |
|
| Details | Domain | 2 | al.sh |
|
| Details | Domain | 1 | du.sh |
|
| Details | Domain | 1 | cpr.sh |
|
| Details | Domain | 1 | cpu.sh |
|
| Details | Domain | 18 | uninstall.sh |
|
| Details | Domain | 1 | ll.sh |
|
| Details | Domain | 6 | wb.sh |
|
| Details | Domain | 1 | h2.sh |
|
| Details | Domain | 1 | spri.sh |
|
| Details | File | 23 | xmrig.exe |
|
| Details | File | 18 | 1.ps1 |
|
| Details | File | 2 | wbw.xml |
|
| Details | File | 4 | wb.xml |
|
| Details | File | 1 | k.xml |
|
| Details | File | 1 | kk.xml |
|
| Details | File | 153 | config.json |
|
| Details | File | 2 | localconfig.xml |
|
| Details | File | 249 | schtasks.exe |
|
| Details | Github username | 1 | nautilus-aqua |
|
| Details | md5 | 1 | 568f7b1d6c2239e208ba97886acc0b1e |
|
| Details | sha256 | 5 | d247687e9bdb8c4189ac54d10efd29aee12ca2af78b94a693113f382619a175b |
|
| Details | sha256 | 5 | 5d2530b809fd069f97b30a5938d471dd2145341b5793a70656aad6045445cf6d |
|
| Details | sha256 | 1 | 787e2c94e6d9ce5ec01f5cbe9ee2518431eca8523155526d6dc85934c9c5787c |
|
| Details | sha256 | 1 | 564739ea8fa5926d4fa5c9734fed462061960a22e6b8d5c06e94969d97891bf2 |
|
| Details | sha256 | 2 | 631d0eac8278f4c8090dcc89c905eebdac5ad03db6cf33be1f0a5a39ce6fff1a |
|
| Details | sha256 | 1 | d14b31a0e14615badab1ffcd6086c36f32c21a0cd40df93843efd42295e451bd |
|
| Details | sha256 | 6 | c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a |
|
| Details | IPv4 | 9 | 185.154.53.140 |
|
| Details | IPv4 | 2 | 185.224.212.104 |
|
| Details | IPv4 | 2 | 194.169.160.157 |
|
| Details | IPv4 | 2 | 109.248.59.253 |
|
| Details | IPv4 | 4 | 93.189.46.81 |
|
| Details | IPv4 | 6 | 185.221.154.208 |
|
| Details | IPv4 | 5 | 212.22.77.79 |
|
| Details | IPv4 | 2 | 194.38.22.53 |
|
| Details | MITRE ATT&CK Techniques | 56 | T1595.002 |
|
| Details | MITRE ATT&CK Techniques | 32 | T1583.004 |
|
| Details | MITRE ATT&CK Techniques | 82 | T1583.001 |
|
| Details | MITRE ATT&CK Techniques | 542 | T1190 |
|
| Details | MITRE ATT&CK Techniques | 306 | T1078 |
|
| Details | MITRE ATT&CK Techniques | 86 | T1059.004 |
|
| Details | MITRE ATT&CK Techniques | 239 | T1106 |
|
| Details | MITRE ATT&CK Techniques | 365 | T1204.002 |
|
| Details | MITRE ATT&CK Techniques | 460 | T1059.001 |
|
| Details | MITRE ATT&CK Techniques | 174 | T1569.002 |
|
| Details | MITRE ATT&CK Techniques | 8 | T1543.004 |
|
| Details | MITRE ATT&CK Techniques | 180 | T1543.003 |
|
| Details | MITRE ATT&CK Techniques | 275 | T1053.005 |
|
| Details | MITRE ATT&CK Techniques | 11 | T1546.004 |
|
| Details | MITRE ATT&CK Techniques | 44 | T1053.003 |
|
| Details | MITRE ATT&CK Techniques | 11 | T1609 |
|
| Details | MITRE ATT&CK Techniques | 16 | T1610 |
|
| Details | MITRE ATT&CK Techniques | 191 | T1133 |
|
| Details | MITRE ATT&CK Techniques | 59 | T1059.006 |
|
| Details | MITRE ATT&CK Techniques | 70 | T1562.004 |
|
| Details | MITRE ATT&CK Techniques | 298 | T1562.001 |
|
| Details | MITRE ATT&CK Techniques | 297 | T1070.004 |
|
| Details | MITRE ATT&CK Techniques | 20 | T1222.001 |
|
| Details | MITRE ATT&CK Techniques | 72 | T1087.001 |
|
| Details | MITRE ATT&CK Techniques | 44 | T1110.001 |
|
| Details | MITRE ATT&CK Techniques | 5 | T1552.003 |
|
| Details | MITRE ATT&CK Techniques | 168 | T1046 |
|
| Details | MITRE ATT&CK Techniques | 585 | T1083 |
|
| Details | MITRE ATT&CK Techniques | 433 | T1057 |
|
| Details | MITRE ATT&CK Techniques | 118 | T1570 |
|
| Details | MITRE ATT&CK Techniques | 59 | T1021.004 |
|
| Details | MITRE ATT&CK Techniques | 243 | T1018 |
|
| Details | MITRE ATT&CK Techniques | 442 | T1071.001 |
|
| Details | MITRE ATT&CK Techniques | 422 | T1041 |
|
| Details | MITRE ATT&CK Techniques | 36 | T1090.002 |
|
| Details | MITRE ATT&CK Techniques | 492 | T1105 |
|
| Details | MITRE ATT&CK Techniques | 93 | T1485 |
|
| Details | MITRE ATT&CK Techniques | 276 | T1490 |
|
| Details | MITRE ATT&CK Techniques | 107 | T1496 |
|
| Details | MITRE ATT&CK Techniques | 26 | T1552.004 |
|
| Details | MITRE ATT&CK Techniques | 14 | T1090.004 |
|
| Details | MITRE ATT&CK Techniques | 160 | T1027.002 |
|
| Details | MITRE ATT&CK Techniques | 183 | T1036.005 |
|
| Details | MITRE ATT&CK Techniques | 35 | T1222.002 |
|
| Details | MITRE ATT&CK Techniques | 52 | T1071.004 |
|
| Details | MITRE ATT&CK Techniques | 3 | T1629.003 |
|
| Details | MITRE ATT&CK Techniques | 550 | T1112 |
|
| Details | MITRE ATT&CK Techniques | 504 | T1140 |
|
| Details | MITRE ATT&CK Techniques | 41 | T1014 |
|
| Details | Url | 1 | http://194.38.22.53/spre. |
|
| Details | Url | 1 | https://www.aquasec.com/research |
|
| Details | Url | 1 | https://github.com/nautilus-aqua/kinsing-indication-of-compromise |