MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

add hezb

pull/768/head
Delta-Sierra 2022-09-13 10:40:00 +02:00
parent 705d0d2e72
commit 6dba3abe13
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
clusters/cryptominers.json
View File

@ -62,7 +62,17 @@
}, },
"uuid": "a0c0ab05-c390-425c-9311-f64bf7ca9145", "uuid": "a0c0ab05-c390-425c-9311-f64bf7ca9145",
"value": "Krane" "value": "Krane"
},
{
"description": "“Hezb”, which is based on command line artifact data, was observed around Kinsing. This malware is relatively new and was recently reported in late May exploiting WSO2 RCE (CVE-2022-29464) in the wild. Several malware components were observed, the first of which was an XMRig miner installed as “Hezb”. Additional modules included a polkit exploit for privilege escalation as well as a zero-detection ELF payload named “kik”.",
"meta": {
"refs": [
"https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/"
]
},
"uuid": "428bbf01-7756-48a2-848d-6bca3997f1df",
"value": "Hezb"
} }
], ],
"version": 2 "version": 3
} }