Threat Group Cards: A Threat Actor Encyclopedia

Archived: 2026-04-05 16:14:23 UTC

Tool: SLUB

Names: SLUB
Category: Malware
Type: Reconnaissance, Backdoor, Info stealer, Downloader, Exfiltration

Description:

(Trend Micro) We recently came across a previously unknown malware that piqued our interest in multiple ways. For starters, we discovered it being spread via watering hole attacks, a technique that involves an attacker compromising a website before adding code to it so visitors are redirected to the infecting code. In this case, each visitor is redirected only once. The infection was done by exploiting CVE-2018-8174, a VBScript engine vulnerability that was patched by Microsoft back in May 2018.

Second, it uses a multi-stage infection scheme. After it exploits the vulnerability, it downloads a DLL and runs it in PowerShell (PS). This file, which is a downloader, then downloads and runs the second executable file containing a backdoor. The first stage downloader also checks for the existence of different kinds of antivirus software processes, and then proceeds to exit if any is found. At the time of discovery, the backdoor was seemingly unknown to AV products.

Information: Malpedia, AlienVault OTX

Last change to this tool card: 24 April 2021

All groups using tool SLUB

APT groups
  Name: Operation Earth Kitsune
  Observed: 2019-Late 2022

1 group listed (1 APT, 0 other, 0 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=576647b7-c4ec-4642-baa2-0d9b53d9ae3c