The Return of the Kinsing
An analysis by the Canary Intelligence team revealed a resurgence of the Kinsing malware, which is exploiting three CVEs: CVE-2023-46604 (ActiveMQ), CVE-2023-38646 (Metabase), and CVE-2025-55182 (React2Shell). The attacks originated from IP 212.113.98.30 and converged on a shared staging host at 78.153.140.16. The malware's tactics include downloading and installing a Go-based Linux binary and a stealthy libsystem.so component. In each case, exploitation retrieves and executes malicious scripts, which then install Kinsing's core components. This cluster of activity demonstrates how older malware families can remain relevant by exploiting new vulnerabilities without significantly changing their core binaries.
Pulse ID: 69c56e3a416f1f2fb18c3436
Pulse Link: https://otx.alienvault.com/pulse/69c56e3a416f1f2fb18c3436
Pulse Author: AlienVault
Created: 2026-03-26 17:34:50
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#ActiveMQ #CyberSecurity #ICS #InfoSec #Kinsing #Linux #Malware #OTX #OpenThreatExchange #RAT #bot #AlienVault
