ioc[.]one - OSINT Cyber Threat Intelligence Database

PurpleFox Resurfaces Via Spam Emails: A Look Into Its Recent Campaign

Tags

cmtmf-attack-pattern:	Application Layer Protocol Command And Scripting Interpreter Masquerading
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Application Layer Protocol - T1437 Botnet - T1583.005 Botnet - T1584.005 Command And Scripting Interpreter - T1623 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Ingress Tool Transfer - T1544 Malware - T1587.001 Malware - T1588.001 Masquerade File Type - T1036.008 Masquerading - T1655 Process Discovery - T1424 System Information Discovery - T1426 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Server - T1583.004 Server - T1584.004 Services File Permissions Weakness - T1574.010 Software - T1592.002 Spearphishing Attachment - T1566.001 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Visual Basic - T1059.005 Template Injection - T1221 Virtualization/Sandbox Evasion - T1497 Windows Service - T1543.003 Tool - T1588.002 Vulnerabilities - T1588.006 Virtualization/Sandbox Evasion - T1633 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 Remote File Copy - T1105 Masquerading - T1036 Modify Registry - T1112 Powershell - T1086 Process Discovery - T1057 Query Registry - T1012 Rootkit - T1014 Security Software Discovery - T1063 System Information Discovery - T1082 Masquerading Rootkit

Show in Graph

Common Information

Type	Value
UUID	a55e6436-0f07-43e0-bcba-6aa674f3641c
Fingerprint	e0c7ab232db64b83
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 29, 2023, midnight
Added to db	Oct. 23, 2023, 1:28 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	PurpleFox Resurfaces Via Spam Emails: A Look Into Its Recent Campaign
Title	PurpleFox Resurfaces Via Spam Emails: A Look Into Its Recent Campaign
Detected Hints/Tags/Attributes	109/3/62

Source URLs

	Redirection	Url
Details	Source	https://cyble.com/blog/purplefox-resurfaces-via-spam-emails-a-look-into-its-recent-campaign/

URL Provider

Details	Provider	Source level domain
Details	cyble.com	cyble.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	98	✔	Cyble	https://cyble.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	1	black-sun-a335.asyorfplmnv.workers.dev
Details	File	1	invoice-891920.docx
Details	File	1	id-191304203986.docm
Details	File	1	id-231396590616.docm
Details	File	1	invoice-475394.doc
Details	File	2	update.dot
Details	File	66	settings.xml
Details	File	29	vbaproject.bin
Details	File	2	ace.jpg
Details	File	1	all.png
Details	File	40	msi.dll
Details	File	1	ssdxxip8dqeq.jpg
Details	File	1	c:\windows\installer\msi7417.tmp
Details	File	4	sysupdate.log
Details	File	4	winupdate32.log
Details	File	5	winupdate64.log
Details	File	118	sc.exe
Details	File	165	reg.exe
Details	File	1	invoice-654931.doc
Details	md5	1	70e254f2a86e0a49bb319c2af0e1a2cb
Details	md5	1	8c498f9e6dd65c5a9704208922224661
Details	md5	1	a7c5adccfeb31331edd0351c7b5fdde9
Details	md5	1	405ddc04a06b883b12e1e152be599533
Details	md5	1	def0a155618de548cc2902221d3890db
Details	md5	1	eb9a4cf233789b96f940be0186a26988
Details	sha1	1	37d4fddb6bf2de6611c6655a5cd37972fc33642d
Details	sha1	1	62f331959dde379b2536caed26a74ae8460c0c30
Details	sha1	1	7b0985c861986ec9e2087ade8273e544009d68e1
Details	sha1	1	bd13ecc3f3410986996b3bc0998549875aa171d3
Details	sha1	1	1dc2f872c2e23e1eb0c6090909c5807553ad1e75
Details	sha1	1	a0fd6c29b81c629baa9c1311f177f715d6aee36f
Details	sha1	1	6c642417ba41c0c883c4f431de99513827d2858b
Details	sha1	1	db90e04683068fd16d5fbefbba4e7dd30adba306
Details	sha1	1	002a1cee740fa212732379d1f00dbcf7c0cccbf2
Details	sha1	1	67856eed42115b6af39ecf6bb3e66f6ed8c13287
Details	sha256	1	1ddc7091d5bbe8d2105be4c2341f941f04cdeaaea05b89b6ee1456843b90fb04
Details	sha256	1	38f581881093c044667d565a698aa389f14585a58d5c8b692dc2be851293f1c2
Details	sha256	1	efe078fb3808c5b725d33df59da55aff0718534e31908280899c9859a0f2d1a8
Details	sha256	1	d4e1cb27ce387ee1aedd8ebd69ec2f0a13e1d81bae6079061bd13f1a0a158026
Details	sha256	1	540ba2c354ead0e80dd37fb41ae83f4ea98b52fcf2e124463b2a6d0d73bd2e05
Details	sha256	1	24d40ba4bf19e3cb942918eb8091ab467b11d5d737aef8e37cffc5306d0081d8
Details	MITRE ATT&CK Techniques	310	T1566.001
Details	MITRE ATT&CK Techniques	137	T1059.005
Details	MITRE ATT&CK Techniques	460	T1059.001
Details	MITRE ATT&CK Techniques	180	T1543.003
Details	MITRE ATT&CK Techniques	238	T1497
Details	MITRE ATT&CK Techniques	298	T1562.001
Details	MITRE ATT&CK Techniques	21	T1036.008
Details	MITRE ATT&CK Techniques	550	T1112
Details	MITRE ATT&CK Techniques	40	T1221
Details	MITRE ATT&CK Techniques	4	T1574.010
Details	MITRE ATT&CK Techniques	433	T1057
Details	MITRE ATT&CK Techniques	501	T1012
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	141	T1518.001
Details	MITRE ATT&CK Techniques	444	T1071
Details	MITRE ATT&CK Techniques	492	T1105
Details	Url	1	http://black-sun-a335.asyorfplmnv.workers.dev/mnwodbptk6ju/zkjfnbnzeum8/37d4fddb6bf2de6611c6655a5cd37972fc33642d/ace.jpg
Details	Url	1	http://black-sun-a335.asyorfplmnv.workers.dev/mnwodbptk6ju/t2qomnwffues/62f331959dde379b2536caed26a74ae8460c0c30/all.png
Details	Url	1	http://black-sun-a335.asyorfplmnv.workers.dev/mnwodbptk6ju/5hwtrlyyhfiv/7b0985c861986ec9e2087ade8273e544009d68e1/ssdxxip8dqeq.jpg
Details	Url	1	http://black-sun-a335.asyorfplmnv.workers.dev/mnwodbptk6ju/zkjfnbnzeum8/67856eed42115b6af39ecf6bb3e66f6ed8c13287/update.dotm
Details	Windows Registry Key	1	HKCU\Software\7-Zip