Operation Earth Kitsune A Dance of Two New Backdoors
Common Information
Type Value
UUID 93c0b387-772b-494a-a389-c9477b867c47
Fingerprint ad1c94db44e28283
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 28, 2020, midnight
Added to db Oct. 15, 2024, 5:39 p.m.
Last updated Oct. 16, 2024, 2:30 a.m.
Headline Operation Earth Kitsune: A Dance of Two New Backdoors
Title Operation Earth Kitsune A Dance of Two New Backdoors
Detected Hints/Tags/Attributes 69/3/36
Attributes
Details Type #Events CTI Value
Details CVE 8
cve-2019-5782
Details CVE 43
cve-2020-0674
Details CVE 34
cve-2019-1458
Details CVE 1
cve-2011-4066
Details CVE 1
cve-2014-2339
Details CVE 1
cve-2009-0290
Details File 4
dropper.dll
Details File 2
policy.txt
Details File 1
crypted_package.zip
Details File 1
happy.jpg
Details File 2
20200209122021_qifxyren.jpg
Details File 1
sad.jpg
Details File 2
20200209122021_abjeuitk.jpg
Details File 1
'tb.php
Details File 1
autosave.php