PurpleFox Analysis

IOB - Indicator of Behavior (30)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 24
de: 2
zh: 2
es: 2

Country

cn: 12
us: 10

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Chrome: 4
Cisco Firepower Device Manager: 2
Thomas R. Pasawicz HyperBook Guestbook: 2
Juniper Junos: 2
Jtl-software JTL-Shop: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | MP4v2 MP4 File atom_avcC.cpp Read memory corruption | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01339 | 0.00 | CVE-2018-14446
2 | libmp4v2 MP4 File mp4track.cpp FinishSdtp out-of-bounds | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00064 | 0.00 | CVE-2018-17235
3 | Google Chrome Compositing out-of-bounds | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00233 | 0.03 | CVE-2022-2010
4 | Google Chrome WebGL out-of-bounds | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00240 | 0.02 | CVE-2022-2008
5 | Google Chrome WebGPU use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00465 | 0.03 | CVE-2022-2007
6 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.64 | CVE-2010-0966
7 | Pydio Imagemagick os command injection | 6.2 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00107 | 0.05 | CVE-2019-10048
8 | Popup Maker Plugin do_action authorization | 8.2 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.11202 | 0.02 | CVE-2019-17574
9 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.56 | CVE-2022-28959
10 | Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2022-47166
11 | Drobo 5N2 NAS Access Control drobo.php information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00453 | 0.07 | CVE-2018-14702
12 | Juniper Junos J-Web information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00151 | 0.00 | CVE-2021-0210
13 | Juniper Junos OS J-Web input validation | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00277 | 0.00 | CVE-2021-0269
14 | Apache SkyWalking H2/MySQL/TiDB sql injection | 7.4 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04305 | 0.04 | CVE-2020-9483
15 | Symfony Exception information exposure | 4.6 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.04 | CVE-2020-5274
16 | Jtl-software JTL-Shop druckansicht.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2010-0691
17 | Google Android PackageItemInfo.java loadLabel denial of service | 6.0 | 5.9 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-0651
18 | Cisco Firepower Device Manager REST API code injection | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00224 | 0.00 | CVE-2021-1518
19 | K7 Ultimate Security Backup Module K7BKCExt.dll link following | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.03 | CVE-2019-16896
20 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /drobopix/api/drobo.php | predictive | High
2 | File | /spip.php | predictive | Medium
3 | File | xxxx_xxxx.xxx | predictive | High
4 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
5 | File | xxxxxxxxxxxx.xxx | predictive | High
6 | File | xxx/xxxxxx.xxx | predictive | High
7 | File | xxxxxxxx.xxx | predictive | Medium
8 | File | xxxxxxxxxxxxxxx.xxxx | predictive | High
9 | File | xxxxxxxxxx.xxx | predictive | High
10 | Library | xxxxxxxx.xxx | predictive | Medium
11 | Argument | xxxxxxxx | predictive | Medium
12 | Argument | xx | predictive | Low

References (4)

The following list contains external sources which discuss the actor and the associated activities:
