ioc[.]one - OSINT Cyber Threat Intelligence Database

From PoC to Exploit Kit: Purple Fox now exploits CVE-2021-26411 | HP Wolf Security

Tags

cmtmf-attack-pattern:	Geofencing
country:	Egypt Argentina Switzerland Netherlands Germany France Ireland Italy Japan Sweden
attack-pattern:	Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Geofencing - T1627.001 Geofencing - T1581 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Vulnerabilities - T1588.006 Powershell - T1086 Rootkit - T1014 Scripting - T1064 Rootkit Scripting

Show in Graph

Common Information

Type	Value
UUID	3d88213c-8342-4373-bd9f-c9aafe947af1
Fingerprint	84b191d4c1b794a1
Analysis status	DONE
Considered CTI value	2
Text language
Published	April 14, 2021, 4:51 p.m.
Added to db	Sept. 26, 2022, 9:31 a.m.
Last updated	Nov. 12, 2024, 11:48 a.m.
Headline	From PoC to Exploit Kit: Purple Fox now exploits CVE-2021-26411
Title	From PoC to Exploit Kit: Purple Fox now exploits CVE-2021-26411 \| HP Wolf Security
Detected Hints/Tags/Attributes	49/3/45

Source URLs

	Redirection	Url
Details	Source	https://threatresearch.ext.hp.com/purple-fox-exploit-kit-now-exploits-cve-2021-26411/

URL Provider

Details	Provider	Source level domain
Details	hp.com	threatresearch.ext.hp.com

Attributes

Details	Type	#Events	Value
Details	CVE	48	cve-2021-26411
Details	CVE	43	cve-2020-0674
Details	CVE	34	cve-2019-1458
Details	CVE	37	cve-2015-1701
Details	CVE	32	cve-2018-8120
Details	CVE	12	cve-2019-0808
Details	CVE	11	cve-2020-1054
Details	CVE	45	cve-2021-1732
Details	Domain	1	loislandgraf.us
Details	Domain	1	www.loislandgraf.us
Details	Domain	1	www.healthier-patriot.shop
Details	Domain	1	iauisdoenki.xyz
Details	Domain	1	eyoruas.iauisdoenki.xyz
Details	Domain	1	veoipc.ahntncaiiribi.xyz
Details	Domain	1	ahntncaiiribi.xyz
Details	Domain	1	cnghfekiutetw.xyz
Details	Domain	1	ktecydnn.xyz
Details	Domain	1	vmendehep.xyz
Details	Domain	1	broad-block-d151.weteon.workers.dev
Details	Domain	1	plain-forest-2233.ethcrartb.workers.dev
Details	Domain	1	shy-feather-00c8.itttsfbir.workers.dev
Details	Domain	1	summer-shadow-5f60.oryfannne.workers.dev
Details	Domain	1	rawcdn.githack.net
Details	File	115	win32k.sys
Details	sha256	1	be9fc372f19c9a50c1a72bfb0a59e8c61188ea5c249fee0f861d91943b7e44ff
Details	sha256	1	46114cd251ce7724db978be8ade624c798b125467e1599fac19a31ff099c94d7
Details	sha256	1	bfa9cc5c1ce788349e8c215ce100a8d91f620b12d0b89de9e84aac4e9c271f99
Details	sha256	1	a1cf6f10a700c70d95941497164b03b08ea63eb3b8f67d88255bf775aa564d1f
Details	sha256	1	a4237b2123f701136a2e1e01eb2fefcb99a8f2ee32ad147e2280fa39aa3f0109
Details	sha256	1	f7938b01fc97daa164bce34c5cd0ab4c02a8c58c9d4a7102364dd9dfe0f90d30
Details	sha256	1	f68e95cde6170068ca64f57f34757ddfe9386c888090d02afb32a89204b8bc09
Details	sha256	1	7a8469d5ca87ce05b91cc1e22183513af54f26a0b9684a2f31e6ab243fa2ffde
Details	sha256	1	231485bfd3e299ba3cc51fc6ce48a60b8d205adb3c9c0662210a2e654f593967
Details	sha256	1	d20ccd52ffd1a3b831c65a1f1f7955494d267cdf5df3df7a95c47f4de34f72c2
Details	sha256	1	01f954cbc2e1b35c67f86e1ae090f4641ce9d7a40efe0b73517d1817274ffab9
Details	sha256	1	2dea273fa8f6f15297d0f0f98d7e27ac1ec02b59b81c6b7888ae3b99c57b3d8f
Details	sha256	1	419848f8832a9a4cefdfff4d712922cce05aa72bd47b84aafc5276d050072111
Details	sha256	1	0cb6e176a87702a779b73b5cf4787f5dfc6ebf763c895ec37a6422b8335287ab
Details	sha256	1	1a71c739d20fb3c8649a7e620d0d046ba01a3cbeddc5d3b2c2d7fa3b136bae12
Details	sha256	1	ca7bd2830405ed53fd7f56738d7644ff8ecfd5bc63d079d322c99601c6106843
Details	sha256	1	7b9a0b674d9502abe5a7227ef60f3854ef6e12803a74b480581a199c6df3165c
Details	sha256	1	e0092a2d0da3eb745d0b0fbf57c0f68ea781770c216ff7bdeb4cd0029bd4d1c3
Details	sha256	1	079c13fbc30a32e4f0386cd53c56d68404961b8f1cd4d4fde1a1e9def42aa557
Details	sha256	1	7465b738ba31fa2fff7fef1d770ef32e43b01d49a937b3b1c11dc2e4e45fd019
Details	sha256	1	90658e4d79007577c3ad13a79a9d47f39c6949dcca3ee618de476c27b214c5a1