Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack
Tags
country: Brazil China North Korea Japan
maec-delivery-vectors: Watering Hole
attack-pattern: Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 4b212b9a-bb86-484d-9262-fbcbd59880fd
Fingerprint a4ad9d1920296459
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 17, 2023, midnight
Added to db Oct. 15, 2024, 3:32 p.m.
Last updated Nov. 17, 2024, 9:55 a.m.
Headline Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack
Title Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack
Detected Hints/Tags/Attributes 73/3/22
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_nl/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html
Details Source https://www.trendmicro.com/en_se/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html
Details Source https://www.trendmicro.com/en_dk/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html
Details Source https://www.trendmicro.com/en_ae/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html
Details Source https://www.trendmicro.com/en_ph/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html
Details Source https://www.trendmicro.com/en_no/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html
Details Source https://www.trendmicro.com/en_be/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html
Details Source https://www.trendmicro.com/en_id/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html
Details Source https://www.trendmicro.com/en_ie/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html
Details Source https://www.trendmicro.com/en_ca/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html
Details Source https://www.trendmicro.com/en_fi/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details Domain 3 
londoncity.hopto.org
Details Domain 4 
rs.myftp.biz
Details Domain 3 
updategoogle.servehttp.com
Details Domain 2 
microsoftwindow.sytes.net
Details Domain 4 
selectorioi.ddns.net
Details File 4 
popup.js
Details File 208 
setup.exe
Details File 69 
vcruntime140.dll
Details File 14 
bg.jpg
Details File 2 
werfautl.exe
Details File 57 
installer.exe
Details File 2 
nativeapp.exe
Details File 40 
background.js
Details File 86 
manifest.json
Details File 17 
icon.png
Details File 10 
c:\\windows\\system32\\notepad.exe
Details File 2 
c:\\temp\\hello-world-x64.dll
Details File 2 
cmd.bin
Details File 380 
notepad.exe
Details sha256 2 
e82e1fb775a0181686ad0d345455451c87033cafde3bd84512b6e617ace3338e
Details IPv4 2 
45.76.62.198
Details IPv4 2 
172.93.201.172