From 6dba3abe13135136a25000f62d788a4e1607c961 Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Tue, 13 Sep 2022 10:40:00 +0200
Subject: [PATCH] add hezb

---
 clusters/cryptominers.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/cryptominers.json b/clusters/cryptominers.json
index 91a3bcf..b878640 100644
--- a/clusters/cryptominers.json
+++ b/clusters/cryptominers.json
@@ -62,7 +62,17 @@
       },
       "uuid": "a0c0ab05-c390-425c-9311-f64bf7ca9145",
       "value": "Krane"
+    },
+    {
+      "description": "“Hezb”, which is based on command line artifact data, was observed around Kinsing. This malware is relatively new and was recently reported in late May exploiting WSO2 RCE (CVE-2022-29464) in the wild. Several malware components were observed, the first of which was an XMRig miner installed as “Hezb”. Additional modules included a polkit exploit for privilege escalation as well as a zero-detection ELF payload named “kik”.",
+      "meta": {
+        "refs": [
+          "https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/"
+        ]
+      },
+      "uuid": "428bbf01-7756-48a2-848d-6bca3997f1df",
+      "value": "Hezb"
     }
   ],
-  "version": 2
+  "version": 3
 }
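Review bot: The only entry in `refs` is a Lacework post whose URL slug names CVE-2022-26134, while the new description attributes the Hezb report to WSO2 RCE (CVE-2022-29464); a reader following the cited link will not find the WSO2 exploitation claim directly sourced, so either add a second reference to `refs` that covers the WSO2 report or reword the description to what the cited post actually covers. The relative phrasing `was recently reported in late May` will age badly in a cluster entry; given the September 2022 commit date this presumably means May 2022, so an absolute `reported in May 2022` would be clearer. The opening clause `“Hezb”, which is based on command line artifact data, was observed around Kinsing` is awkward, since the point is that the name comes from command-line artifacts — something like `"Hezb" (a name taken from command-line artifact data) was observed alongside Kinsing` reads better. The rest of the entry, including the `version` bump from 2 to 3, matches the surrounding cluster format.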