PurpleFox Being Distributed via MS-SQL Servers - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Powershell - T1086 Rootkit - T1014 Rootkit |
Common Information
| Type | Value |
|---|---|
| UUID | e70d874c-fa99-4dd0-9a00-6f844a1e0e61 |
| Fingerprint | 8d26a47e61fe8fa1 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | July 24, 2023, 11 a.m. |
| Added to db | Oct. 24, 2023, 1:16 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | PurpleFox Being Distributed via MS-SQL Servers |
| Title | PurpleFox Being Distributed via MS-SQL Servers - ASEC BLOG |
| Detected Hints/Tags/Attributes | 31/2/13 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/55492/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 17 | ✔ | ASEC | https://asec.ahnlab.com/en/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 119 | sqlservr.exe |
|
| Details | File | 1209 | powershell.exe |
|
| Details | File | 5 | 57bc9b7e.png |
|
| Details | File | 2 | 2e0ecb2f.png |
|
| Details | File | 4 | setupact64.log |
|
| Details | File | 7 | sens.dll |
|
| Details | md5 | 2 | f725bab929df4fe2626849ba269b7fcb |
|
| Details | md5 | 2 | d88a9237dd21653ebb155b035aa9a33c |
|
| Details | IPv4 | 2 | 64.227.152.193 |
|
| Details | Url | 2 | http://64.227.152.193:18336/57bc9b7e.png |
|
| Details | Url | 2 | http://64.227.152.193:18336/2e0ecb2f.png |
|
| Details | Url | 1 | http://64,227,152.193:18336/57bc9b7e.png |
|
| Details | Windows Registry Key | 19 | HKLM\SYSTEM\CurrentControlSet\Control\Session |