PurpleFox Being Distributed via MS-SQL Servers - ASEC BLOG
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Powershell - T1059.001 Powershell - T1086
Common Information
Type Value
UUID 23e18cec-290c-4a22-9fa1-504bb0d8fb76
Fingerprint d8c581ae6d9cf338
Analysis status IN_PROGRESS
Considered CTI value 0
Text language
Published July 17, 2023, 11:05 a.m.
Added to db July 17, 2023, 8:36 a.m.
Last updated Nov. 18, 2024, 9:32 a.m.
Headline PurpleFox Being Distributed via MS-SQL Servers
Title PurpleFox Being Distributed via MS-SQL Servers - ASEC BLOG
Detected Hints/Tags/Attributes 13/2/12
Source URLs
RSS Feed
Attributes
Details Type #Events CTI Value
Details File 119
sqlservr.exe
Details File 1210
powershell.exe
Details File 5
57bc9b7e.png
Details File 2
2e0ecb2f.png
Details File 4
setupact64.log
Details File 7
sens.dll
Details md5 2
f725bab929df4fe2626849ba269b7fcb
Details md5 2
d88a9237dd21653ebb155b035aa9a33c
Details IPv4 2
64.227.152.193
Details Url 2
http://64.227.152.193:18336/57bc9b7e.png
Details Url 2
http://64.227.152.193:18336/2e0ecb2f.png
Details Windows Registry Key 19
HKLM\SYSTEM\CurrentControlSet\Control\Session