Kinsing
Techniques Used

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | Kinsing has communicated with C2 over HTTP. (Citation: Aqua Kinsing April 2020)
Enterprise | T1059.004 | Command and Scripting Interpreter: Unix Shell | Kinsing has used Unix shell scripts to execute commands in the victim environment. (Citation: Aqua Kinsing April 2020)
Enterprise | T1222.002 | File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modification | Kinsing has used chmod to modify permissions on key files for use. (Citation: Aqua Kinsing April 2020)
Enterprise | T1021.004 | Remote Services: SSH | Kinsing has used SSH for lateral movement. (Citation: Aqua Kinsing April 2020)
Enterprise | T1053.003 | Scheduled Task/Job: Cron | Kinsing has used crontab to download and run shell scripts every minute to ensure persistence. (Citation: Aqua Kinsing April 2020)
Enterprise | T1552.003 | Unsecured Credentials: Bash History | Kinsing has searched
Enterprise | T1552.004 | Unsecured Credentials: Private Keys | Kinsing has searched for private keys. (Citation: Aqua Kinsing April 2020)

References
- Singer, G. (2020, April 3). Threat Alert: Kinsing Malware Attacks Targeting Container Environments. Retrieved April 1, 2021.
- Huang, K. (2020, November 23). Zoom into Kinsing. Retrieved April 1, 2021.
- Team Nautilus. (2021, June). Attacks in the Wild on the Container Supply Chain and Infrastructure. Retrieved August 26, 2021.