Kinsing & Dark.IoT botnet among threats targeting CVE-2022-26134

Event ID: 4520
UUID: d4766c50-0269-4cda-acea-850ea4fdb198
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): Event is in unprotected mode.
Tags: type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white, osint:source-type="blog-post", misp-galaxy:cryptominers="Hezb", misp-galaxy:threat-actor="Hezb", misp-galaxy:botnet="Dark.IoT", malware_classification:malware-category="Botnet"
Date: 2022-06-22
Threat Level: Undefined
Analysis: Initial
Distribution: All communities
Published: Yes 2022-11-01 06:55:33
#Attributes: 18 (6 Objects)
First recorded change: 2022-09-13 11:46:36
Last change: 2022-10-24 09:46:38
Sightings: 0 (0) – restricted to own organisation only.


Related Events

  •  LUNCHBOX: Tor ALL nodes feed, 2022-09-21 (2)
  •  LUNCHBOX: Metasploit exploits with CVE assigned feed, 2022-09-21 (1)
  •  Hezb cryptomining malware, 2022-09-12 (1)
  •  abuse.ch: ThreatFox IOCs for 2021-11-11, 2021-11-11 (1)


Galaxies

Malpedia 

  •  Dark   
  •  Kinsing   

Malware 

  •  Kinsing – S0599   

Threat Actor 

  •  Kinsing   

Date | Org | Category | Type | Value | Tags | Galaxies | Comment | Correlate | Related Events | Feed hits | IDS | Distribution | Sightings | Activity | Actions
2022-09-13 | Object name: vulnerability | Inherit
2022-09-13 | External analysis | id: vulnerability | CVE-2022-26134 | 1824 | Inherit | (0/0/0)

2022-09-13 | Object name: report | Inherit
2022-09-13 | External analysis | link: link | https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/ | 1530 | Inherit | (0/0/0)
2022-09-13 | Other | summary: text | Details regarding the recent Confluence OGNL (CVE-2022-26134) exploit were released to the public on June 3rd 2022. Shortly following this, Lacework Labs began seeing multiple attacks in the wild from both uncategorized and named threats. While this was expected, there appears to be more widespread exploitation of CVE-2022-26134 compared to previous Confluence vulnerabilities. | Inherit | (0/0/0)
2022-09-13 | Other | type: text | Blog | Inherit | (0/0/0)