Purple Fox - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Purple Fox. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.purple_fox

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Purple Fox:

There are 11 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Purple Fox.


There are 1620 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Purple Fox. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|----|-----------|----------|-------------|------------|
| 1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 | CWE-74 | Injection | High |
| 4 | T1059 | CWE-94 | Cross Site Scripting | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 6 | ... | ... | ... | ... |

There are 21 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Purple Fox. This data is unique as it uses our predictive model for actor profiling.


There are 354 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!