Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)

Kinsing is Golang-based malware that runs a cryptocurrency miner and attempts to spread itself to other hosts in the victim environment. (Citation: Aqua Kinsing April 2020)(Citation: Sysdig Kinsing November 2020)(Citation: Aqua Security Cloud Native Threat Report June 2021)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
Container Administration Command - T1609 (7b50a1d3-4ca7-45d1-989d-a6503f04bfe1)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
Resource Hijacking - T1496 (cd25c1b4-935c-4f0e-ba8d-552f28bc4783)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
Deploy Container - T1610 (56e0d8b8-3e25-49dd-9050-3aa252f5aa92)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
Bash History - T1552.003 (8187bd2a-866f-4457-9009-86b0ddedffa3)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	Kinsing - S0599 (d6e55656-e43f-411f-a7af-45df650471c5)	Malware	1
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	Linux and Mac File and Directory Permissions Modification - T1222.002 (09b130a2-a77e-4af0-a361-f46f9aad1345)	Attack Pattern	2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Private Keys - T1552.004 (60b508a1-6a5e-46b1-821a-9f7b78752abf)	Attack Pattern	2
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Bash History - T1552.003 (8187bd2a-866f-4457-9009-86b0ddedffa3)	Attack Pattern	2
Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2
SSH - T1021.004 (2db31dcd-54da-405d-acef-b9129b816ed6)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2