‘Purple Fox’ Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell
Common Information
Type Value
UUID 011d9b8a-5deb-4969-acdd-bfa5dd21a5e6
Fingerprint 1db34e15217e763657c628b42e12dabaf269c09685870a134d914ec5eb866c88
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 9, 2019, 2:47 p.m.
Added to db April 14, 2024, 9:55 a.m.
Last updated Aug. 31, 2024, 6:16 a.m.
Headline ‘Purple Fox’ Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell
Title ‘Purple Fox’ Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell
Detected Hints/Tags/Attributes 26/1/36
Attributes