A Look Into Purple Fox’s New Arrival Vector
Common Information
| Type | Value |
|---|---|
| UUID | de2ed336-5818-4708-9bd1-3c68f3a6bb0e |
| Fingerprint | 71fac5e1ae3d2fe13890d3030ff8f7af6b89caeb2a38bad4e075adf772343e6f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 25, 2022, 6:55 p.m. |
| Added to db | April 14, 2024, 9:23 a.m. |
| Last updated | Aug. 31, 2024, 4:01 a.m. |
| Headline | A Look Into Purple Fox’s New Arrival Vector |
| Title | A Look Into Purple Fox’s New Arrival Vector |
| Detected Hints/Tags/Attributes | 113/3/77 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | trojan.win64.pfshelloader.sm |
|
| Details | Domain | 1 | sgaiycl.gnway.net |
|
| Details | Domain | 3 | e1f3ac7f.moe |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 19 | cybersecurity.att.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 6 | www.guardicore.com |
|
| Details | Domain | 128 | www.bitdefender.com |
|
| Details | Domain | 144 | www.fortinet.com |
|
| Details | Domain | 84 | www.zscaler.com |
|
| Details | Domain | 18 | usa.kaspersky.com |
|
| Details | Domain | 3 | www.pcgamer.com |
|
| Details | Domain | 124 | www.sentinelone.com |
|
| Details | File | 2 | textinputh.exe |
|
| Details | File | 1 | 客户账单明细j.exe |
|
| Details | File | 1 | pphelper5.exe |
|
| Details | File | 1 | 极品新茶上线到付服务项目以及联系方式r.exe |
|
| Details | File | 1 | screenrecorderpro3.exe |
|
| Details | File | 8 | zenmap.exe |
|
| Details | File | 19 | x.exe |
|
| Details | File | 1 | whatsappsetupr.exe |
|
| Details | File | 1 | 奇迹娱乐12月总账单z.exe |
|
| Details | File | 1 | flashc.exe |
|
| Details | File | 1 | mfcss.exe |
|
| Details | File | 1 | quickqr.exe |
|
| Details | File | 5 | svchost.txt |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 1 | 545a30.dll |
|
| Details | File | 1 | 222.dll |
|
| Details | File | 36 | zhudongfangyu.exe |
|
| Details | File | 16 | 360safe.exe |
|
| Details | File | 33 | 360tray.exe |
|
| Details | File | 21 | 360sd.exe |
|
| Details | File | 20 | qqpctray.exe |
|
| Details | File | 12 | qqpcrtp.exe |
|
| Details | File | 6 | mssecess.exe |
|
| Details | File | 1 | 'msseces.exe |
|
| Details | File | 1 | 'mssecess.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 2 | infrastructure.html |
|
| Details | Github username | 1 | sin5678 |
|
| Details | Github username | 2 | jkornev |
|
| Details | Github username | 3 | darthton |
|
| Details | md5 | 1 | cd4462856c4fd8b466aa621adac70ded |
|
| Details | md5 | 1 | 72442AD98A13CA8D1F956D95F98E8AED |
|
| Details | md5 | 1 | 24D5DAC4C6006A7EC58FD11838543953 |
|
| Details | md5 | 1 | A0272708E1DE3F323B71B5D723BEDD5A |
|
| Details | md5 | 1 | 70E470D6244A85221ADD5E4571B82DAB |
|
| Details | md5 | 1 | F2FEEB586039BE21DF852A77C3F0F621 |
|
| Details | md5 | 1 | 4A59658BCC4205A2CA9BE1F13FDAE02B |
|
| Details | md5 | 1 | 6046DC00F75D92877B847A959C4E01F6 |
|
| Details | md5 | 1 | 842CD635A2662745ED3242CFC21C1C35 |
|
| Details | md5 | 1 | C9385EE4D39A4BC7EF9DA02F70849EAB |
|
| Details | md5 | 1 | 2DD4534BF273C23DC641AB0D3B3E192C |
|
| Details | md5 | 1 | 2bef7e40cd07bc587b2db765364884d9 |
|
| Details | sha256 | 1 | 25da2ebdbe2136f07bd414795082364cafda79d8271d099e78891b079158ed1b |
|
| Details | sha256 | 1 | 492fdcbdf81ed196b35cdbb7fac85e3a8ee1edebe0803034df900f5e1a5049b6 |
|
| Details | sha256 | 1 | 638fa26aea7fe6ebefe398818b09277d01c4521a966ff39b77035b04c058df60 |
|
| Details | sha256 | 1 | 9b0401ed25b9852928fea88b68f386c89c1fd594043a65432307b477b9f841f7 |
|
| Details | IPv4 | 3 | 202.8.123.98 |
|
| Details | IPv4 | 3 | 194.146.84.245 |
|
| Details | Pdb | 1 | c:\users\sgaiycl\desktop\rundrive\addtrustdriver\x64\release\driver.pdb |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/21/l/a-look-into-purple-fox-server- |
|
| Details | Url | 1 | https://cybersecurity.att.com/blogs/labs-research/new- |
|
| Details | Url | 1 | https://github.com/sin5678/gh0st. |
|
| Details | Url | 1 | https://www.guardicore.com/labs/the- |
|
| Details | Url | 1 | https://github.com/jkornev/hidden. |
|
| Details | Url | 1 | https://github.com/darthton/blackbone. |
|
| Details | Url | 1 | https://www.bitdefender.com/blog/labs/digitally-signed-rootkitsare-back-a-look-atfivesys-and- |
|
| Details | Url | 5 | https://www.fortinet.com/blog/threat- |
|
| Details | Url | 2 | https://www.zscaler.com/blogs/security- |
|
| Details | Url | 1 | https://usa.kaspersky.com/about/press-releases/2021_operation-tunnel-snake-formerly- |
|
| Details | Url | 1 | https://www.pcgamer.com/nvidias- |
|
| Details | Url | 1 | https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/. |
|
| Details | Windows Registry Key | 4 | HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 |
|
| Details | Windows Registry Key | 1 | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services |