Operation Earth Kitsune: Tracking SLUB’s Current Operations
Common Information
Type Value
UUID 022faa7e-8ecf-43e3-bc3c-b5ee06f4a463
Fingerprint 537661e38675ad199b77e06c1bd78be7f852e26c157dcaf82562dd5a22ed8bbc
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 19, 2020, 9:32 p.m.
Added to db April 14, 2024, 12:52 a.m.
Last updated Aug. 31, 2024, 6:01 a.m.
Headline Operation Earth Kitsune: Tracking SLUB’s Current Operations
Title Operation Earth Kitsune: Tracking SLUB’s Current Operations
Detected Hints/Tags/Attributes 97/3/61
Attributes
Details Type #Events CTI Value
Details CVE 77
cve-2016-0189
Details CVE 43
cve-2020-0674
Details CVE 8
cve-2019-5782
Details CVE 34
cve-2019-1458
Details Domain 245
shutterstock.com
Details Domain 604
www.trendmicro.com
Details Domain 177
blog.trendmicro.com
Details Domain 4127
github.com
Details Domain 2
mattermost.com
Details Domain 7
chromium.org
Details Domain 37
bugs.chromium.org
Details Domain 434
medium.com
Details Domain 2
hiddencodes.wordpress.com
Details Domain 1
about.mattermost.com
Details File 4
dropper.dll
Details File 1
20200209122021_edfelqat.jpg
Details File 2
20200209122021_qifxyren.jpg
Details File 2
20200209122021_abjeuitk.jpg
Details File 36
1.jpg
Details File 13
2.jpg
Details File 10
3.jpg
Details File 7
data.js
Details File 2
_.dll
Details File 130
ws2_32.dll
Details File 748
kernel32.dll
Details File 1
w2s_32.dll
Details File 1
set_logo.html
Details File 2
skin.html
Details File 2
_1.exe
Details File 1
new_logo.jpg
Details File 1
adfrxraq.jpg
Details File 1
jdivhcgw.jpg
Details File 1
dmacxfdf.jpg
Details File 1
smile6.jpg
Details File 1
vmqxcatf_x64.jpg
Details File 1
smile3.jpg
Details File 1
edfelqat_x86.jpg
Details File 1
slack.html
Details Github username 1
gnuboard
Details Url 1
https://www.trendmicro.com/en_us/research/19/c/new-slub-backdoor-uses-github-communicates-via-
Details Url 1
https://blog.trendmicro.com/trendlabs-security-intelligence/slub-gets-rid-of-github-
Details Url 1
https://github.com/gnuboard.
Details Url 1
https://mattermost.com/.
Details Url 1
https://bugs.chromium.org/p/project-zero/issues/detail?id=1755
Details Url 1
https://medium.com/swlh/my-take-on-chrome-sandbox-escape-exploit-chain-dbf5a616eec5.
Details Url 1
https://hiddencodes.wordpress.com/2014/08/22/windows-api-hash-list-1/.
Details Url 1
https://www.trendmicro.com/vinfo/de/security/news/cybercrime-and-digital-
Details Url 1
https://about.mattermost.com/default-