cyber_threat_intelligence/actors/Purple Fox
README.md, last updated 2024-01-26 07:53:33 +01:00 ("Update January 2024")

Purple Fox - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Purple Fox. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.purple_fox

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Purple Fox:

There are 4 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) list network resources that VulDB associates with the research and attack activity of Purple Fox: the IP address, the reverse-DNS hostname where one resolved ("-" marks an empty field), the campaign if one was attributed, and VulDB's own confidence rating. Caveat for use: Purple Fox spreads worm-like by brute-forcing SMB (TCP/445) from already infected machines, so many of the addresses below are likely compromised victims scanning outward rather than operator infrastructure, and a large share sit in dynamic consumer pools (e.g. *.dynamic.163data.com.cn) or placeholder reverse zones (*.in-addr.arpa). Such entries age quickly; use them for retrospective hunting and short-lived alerting rather than permanent blocklists.

ID IP address Hostname Campaign Confidence
1 1.56.84.228 - - High
2 1.119.182.26 - - High
3 1.179.156.115 - - High
4 1.179.217.108 - - High
5 1.186.45.168 1.186.45.168.dvois.com - High
6 1.188.81.66 - - High
7 1.190.48.156 - - High
8 1.201.151.29 - - High
9 1.235.72.112 - - High
10 1.246.42.251 - - High
11 1.246.42.252 - - High
12 1.248.75.8 - - High
13 1.248.75.9 - - High
14 1.255.57.177 - - High
15 5.63.88.202 - - High
16 14.17.70.74 - - High
17 14.17.86.48 - - High
18 14.21.14.130 - - High
19 14.23.162.178 - - High
20 14.29.84.147 - - High
21 14.99.64.171 static-171.64.99.14-tataidc.co.in - High
22 14.140.205.173 14.140.205.173.STATIC-Delhi-vsnl.net.in - High
23 14.141.54.138 14.141.54.138.static-delhi.vsnl.net.in - High
24 14.152.59.10 - - High
25 14.152.85.108 - - High
26 14.152.90.20 - - High
27 14.152.95.140 - - High
28 14.192.10.204 - - High
29 14.215.236.98 - - High
30 14.225.236.18 static.vnpt.vn - High
31 23.27.126.122 - - High
32 23.224.78.146 - - High
33 23.224.94.75 - - High
34 23.225.39.130 - - High
35 23.225.229.228 - - High
36 23.237.73.2 - - High
37 27.10.45.210 - - High
38 27.10.46.21 - - High
39 27.50.21.157 ip-21-157.moratelindo.co.id - High
40 27.50.49.196 smtp-1.dreamwatches.net - High
41 27.50.162.133 - - High
42 27.50.162.239 - - High
43 27.54.228.71 - - High
44 27.54.248.35 - - High
45 27.100.226.151 - - High
46 27.124.37.105 - - High
47 27.124.37.117 - - High
48 27.124.42.145 - - High
49 27.125.7.156 - - High
50 27.128.180.42 - - High
51 27.154.225.194 - - High
52 27.154.233.226 - - High
53 27.155.87.194 - - High
54 27.191.234.199 - - High
55 27.195.138.22 - - High
56 27.195.204.146 - - High
57 27.195.240.133 - - High
58 27.212.72.219 - - High
59 27.212.73.30 - - High
60 27.212.234.107 - - High
61 27.254.148.162 - - High
62 27.255.64.7 - - High
63 31.47.1.30 - - High
64 31.47.11.100 - - High
65 31.57.157.115 31-57-157-115.shatel.ir - High
66 36.7.111.8 - - High
67 36.7.138.240 - - High
68 36.7.140.21 - - High
69 36.7.150.42 - - High
70 36.7.156.145 - - High
71 36.7.168.22 - - High
72 36.7.168.25 - - High
73 36.7.168.92 - - High
74 36.7.168.188 - - High
75 36.7.168.201 - - High
76 36.7.185.155 - - High
77 36.26.51.86 - - High
78 36.27.209.188 - - High
79 36.66.37.189 - - High
80 36.66.40.235 - - High
81 36.66.160.150 - - High
82 36.66.191.118 mail.sritex.co.id - High
83 36.91.178.106 - - High
84 36.91.178.107 - - High
85 36.92.8.131 - - High
86 36.92.151.150 - - High
87 36.94.64.14 - - High
88 36.94.149.167 - - High
89 36.110.105.51 51.105.110.36.static.bjtelecom.net - High
90 36.110.197.74 - - High
91 36.150.156.70 - - High
92 36.154.50.50 - - High
93 36.154.73.54 - - High
94 36.154.171.130 - - High
95 37.57.210.11 11.210.57.37.triolan.net - High
96 37.131.21.204 - - High
97 37.156.29.94 mail.telebino.ir - High
98 37.224.20.33 - - High
99 37.224.58.105 - - High
100 39.105.215.41 - - High
101 39.129.209.182 - - High
102 39.136.45.252 - - High
103 39.152.9.3 - - High
104 39.152.37.88 - - High
105 39.175.92.86 - - High
106 41.32.49.182 host-41.32.49.182-static.tedata.net - High
107 41.32.144.155 host-41.32.144.155.tedata.net - High
108 41.32.144.158 host-41.32.144.158.tedata.net - High
109 41.33.169.194 host-41.33.169.194.tedata.net - High
110 41.38.156.146 host-41.38.156.146.tedata.net - High
111 41.39.141.10 host-41.39.141.10.tedata.net - High
112 41.39.196.50 host-41.39.196.50.tedata.net - High
113 41.39.248.146 host-41.39.248.146.tedata.net - High
114 41.77.245.238 - - High
115 41.94.22.6 - - High
116 41.205.59.241 cust241-59.205.41.tvcabo.ao - High
117 41.207.138.10 - - High
118 42.6.100.6 - - High
119 42.6.103.209 - - High
120 42.7.9.255 - - High
121 42.49.84.6 - - High
122 42.55.188.218 - - High
123 42.55.189.211 - - High
124 42.55.191.14 - - High
125 42.62.11.218 - - High
126 42.62.24.21 - - High
127 42.177.120.77 - - High
128 42.177.123.253 - - High
129 42.180.125.138 - - High
130 42.180.125.166 - - High
131 42.180.206.186 - - High
132 42.180.254.49 - - High
133 43.225.27.6 - - High
134 43.225.110.36 43.225.110.36.rdns.newipdns.com - High
135 43.225.193.6 - - High
136 43.226.45.42 - - High
137 43.231.96.109 - - High
138 43.240.73.9 - - High
139 43.240.73.10 - - High
140 43.240.73.14 - - High
141 43.240.112.115 - - High
142 43.240.158.15 - - High
143 43.241.19.187 - - High
144 43.241.19.189 - - High
145 43.247.70.234 - - High
146 43.250.184.235 - - High
147 43.250.186.10 - - High
148 43.250.186.70 - - High
149 43.250.186.146 - - High
150 43.250.186.190 - - High
151 43.250.186.206 - - High
152 43.250.186.230 - - High
153 43.254.158.8 - - High
154 45.5.92.17 mva.nrtmexico.mx - High
155 45.32.35.16 - - High
156 45.32.64.219 45.32.64.219.vultrusercontent.com - High
157 45.32.93.106 45.32.93.106.vultrusercontent.com - High
158 45.32.127.170 45.32.127.170.vultrusercontent.com - High
159 45.32.149.53 45.32.149.53.vultrusercontent.com - High
160 45.32.155.0 45.32.155.0.vultrusercontent.com - High
161 45.32.206.5 45.32.206.5.vultrusercontent.com - High
162 45.34.3.130 unassigned.psychz.net - High
163 45.38.33.74 - - High
164 45.39.227.234 - - High
165 45.61.193.22 - - High
166 45.64.53.71 - - High
167 45.64.128.74 - - High
168 45.64.128.125 - - High
169 45.71.140.22 45-71-140-22.maripa.net.br - High
170 45.76.32.126 45.76.32.126.vultrusercontent.com - High
171 45.76.134.47 - - High
172 45.76.155.140 45.76.155.140.vultrusercontent.com - High
173 45.76.204.9 45.76.204.9.vultrusercontent.com - High
174 45.80.165.58 - - High
175 45.91.226.66 - - High
176 45.93.31.2 - - High
177 45.112.138.93 45.112.138.93.actcorp.in - High
178 45.113.201.236 - - High
179 45.113.201.241 - - High
180 45.115.239.103 - - High
181 45.115.239.229 - - High
182 45.117.42.106 - - High
183 45.117.42.124 - - High
184 45.118.145.233 - - High
185 45.124.27.41 hkhdc.laws.ms - High
186 45.124.66.104 - - High
187 45.125.14.121 - - High
188 45.127.186.166 - - High
189 45.128.147.50 - - High
190 45.137.16.125 - - High
191 45.143.97.194 netweb.com.tr - High
192 45.150.141.185 45.150.141.185.ipv4.telcom.network - High
193 45.158.12.82 mail.sehirlersavasi.com - High
194 45.165.16.19 DNS-19.netmaisnet.com.br - High
195 45.167.76.7 ts.dstelecom.net.br - High
196 45.169.120.150 static-45-169-120-150.speedredestelecom.net.br - High
197 45.190.178.26 26-178-190-45.centralnetworks.net.br - High
198 45.202.24.48 - - High
199 45.225.140.26 45-225-140-26.ltsolucoes.com - High
200 45.228.209.138 - - High
201 45.229.203.252 - - High
202 45.234.151.250 win.giga7telecom.com.br - High
203 45.248.11.82 - - High
204 45.248.11.91 - - High
205 45.248.11.93 - - High
206 45.251.21.82 - - High
207 45.252.80.2 www.isplko.com - High
208 46.21.196.181 srv2081.sd-france.net - High
209 46.31.79.45 mail-shortest.celepublic.com - High
210 46.33.247.92 ppp-46-33-247-92.wildpark.net - High
211 46.100.105.108 - - High
212 46.166.148.195 - - High
213 46.181.62.102 46-181-62-102.goodline.info - High
214 46.249.109.63 - - High
215 46.249.109.124 - - High
216 46.249.113.3 - - High
217 47.104.60.50 - - High
218 47.104.72.127 - - High
219 47.105.195.153 - - High
220 47.110.44.13 - - High
221 49.7.59.146 - - High
222 49.231.177.116 mail.govcomplexsignage.com - High
223 49.231.190.206 - - High
224 49.238.34.204 204-34-238-49.southernonline.net - High
225 50.76.163.26 50-76-163-26-static.hfc.comcastbusiness.net - High
226 50.201.2.171 50-201-2-171-static.hfc.comcastbusiness.net - High
227 51.79.43.54 ip54.ip-51-79-43.net - High
228 51.89.125.118 ip118.ip-51-89-125.eu - High
229 54.39.12.242 ip242.ip-54-39-12.net - High
230 57.167.200.174 - - High
231 58.16.252.14 - - High
232 58.18.37.35 - - High
233 58.18.57.13 - - High
234 58.18.132.155 - - High
235 58.20.248.119 - - High
236 58.23.153.8 - - High
237 58.23.153.21 - - High
238 58.33.52.126 126.52.33.58.broad.xw.sh.dynamic.163data.com.cn - High
239 58.33.85.113 113.85.33.58.broad.xw.sh.dynamic.163data.com.cn - High
240 58.33.158.12 12.158.33.58.broad.xw.sh.dynamic.163data.com.cn - High
241 58.37.10.220 220.10.37.58.broad.xw.sh.dynamic.163data.com.cn - High
242 58.37.11.99 99.11.37.58.broad.xw.sh.dynamic.163data.com.cn - High
243 58.49.58.93 - - High
244 58.49.59.139 - - High
245 58.49.59.219 - - High
246 58.52.195.170 - - High
247 58.56.33.27 - - High
248 58.56.102.67 - - High
249 58.57.100.34 - - High
250 58.58.55.178 - - High
251 58.58.71.238 - - High
252 58.58.178.99 - - High
253 58.59.12.99 - - High
254 58.59.53.242 - - High
255 58.59.54.78 - - High
256 58.64.128.29 - - High
257 58.64.200.213 - - High
258 58.64.204.8 - - High
259 58.119.16.100 - - High
260 58.119.18.4 - - High
261 58.119.67.1 - - High
262 58.210.174.78 - - High
263 58.211.55.206 - - High
264 58.215.65.19 - - High
265 58.215.65.57 - - High
266 58.215.65.60 - - High
267 58.215.65.83 - - High
268 58.216.164.70 - - High
269 58.218.66.83 - - High
270 58.218.66.184 - - High
271 58.218.200.31 - - High
272 58.218.200.63 - - High
273 58.218.204.196 - - High
274 58.218.213.253 - - High
275 58.220.2.94 - - High
276 58.220.24.47 - - High
277 58.220.24.52 - - High
278 58.220.24.62 - - High
279 58.220.24.81 - - High
280 58.220.24.91 - - High
281 58.220.30.12 - - High
282 58.220.41.50 - - High
283 58.220.41.52 - - High
284 58.220.46.51 - - High
285 58.220.46.52 - - High
286 58.220.109.222 - - High
287 58.220.200.142 - - High
288 58.220.248.189 - - High
289 58.221.59.48 - - High
290 58.221.60.109 - - High
291 58.221.161.78 - - High
292 58.221.249.38 - - High
293 58.229.194.121 - - High
294 58.229.194.122 - - High
295 58.232.55.7 - - High
296 58.232.55.8 - - High
297 58.240.9.11 - - High
298 58.241.150.125 - - High
299 58.241.230.77 - - High
300 58.242.154.54 - - High
301 58.244.181.154 154.181.244.58.adsl-pool.jlccptt.net.cn - High
302 58.255.77.20 - - High
303 59.11.209.168 - - High
304 59.11.209.178 - - High
305 59.31.61.107 - - High
306 59.38.100.36 - - High
307 59.39.180.50 - - High
308 59.44.175.19 - - High
309 59.45.27.187 - - High
310 59.45.79.40 - - High
311 59.46.0.18 18.0.46.59.broad.sy.ln.dynamic.163data.com.cn - High
312 59.46.115.170 - - High
313 59.46.143.70 - - High
314 59.47.232.84 - - High
315 59.47.232.115 - - High
316 59.47.232.119 - - High
317 59.48.172.222 222.172.48.59.broad.jc.sx.dynamic.163data.com.cn - High
318 59.48.174.6 - - High
319 59.48.242.6 6.242.48.59.broad.ll.sx.dynamic.163data.com.cn - High
320 59.53.63.36 - - High
321 59.53.63.49 - - High
322 59.54.54.226 - - High
323 59.57.13.92 - - High
324 59.60.31.210 - - High
325 59.63.163.45 - - High
326 59.63.163.112 - - High
327 59.63.163.200 - - High
328 59.63.163.216 - - High
329 59.63.166.43 - - High
330 59.63.200.69 - - High
331 59.103.138.87 - - High
332 59.120.154.13 59-120-154-13.hinet-ip.hinet.net - High
333 59.124.3.20 59-124-3-20.hinet-ip.hinet.net - High
334 59.148.18.46 059148018046.ctinets.com - High
335 59.173.12.120 - - High
336 59.173.12.193 - - High
337 59.175.145.171 - - High
338 59.175.148.84 - - High
339 59.175.148.92 - - High
340 59.188.69.212 - - High
341 59.188.251.145 - - High
342 60.5.90.175 - - High
343 60.5.92.47 - - High
344 60.5.93.147 - - High
345 60.5.157.128 - - High
346 60.6.206.44 - - High
347 60.8.55.27 hebei.8.60.in-addr.arpa - High
348 60.8.177.210 hebei.8.60.in-addr.arpa - High
349 60.8.177.242 hebei.8.60.in-addr.arpa - High
350 60.10.34.103 hebei.10.60.in-addr.arpa - High
351 60.11.9.112 - - High
352 60.11.123.50 - - High
353 60.12.105.13 mx2.sh.font-family.org - High
354 60.12.109.73 - - High
355 60.12.124.70 - - High
356 60.13.146.20 - - High
357 60.19.249.168 - - High
358 60.19.250.79 - - High
359 60.19.250.211 - - High
360 60.19.250.238 - - High
361 60.22.72.185 - - High
362 60.22.91.164 - - High
363 60.160.21.8 - - High
364 60.160.21.37 - - High
365 60.164.175.199 - - High
366 60.164.188.49 - - High
367 60.164.191.22 - - High
368 60.165.218.184 - - High
369 60.169.30.159 - - High
370 60.170.76.29 - - High
371 60.170.76.30 - - High
372 60.173.116.160 - - High
373 60.173.161.70 - - High
374 60.173.255.251 - - High
375 60.174.95.143 - - High
376 60.174.224.161 - - High
377 60.174.225.253 - - High
378 60.174.234.44 - - High
379 60.174.234.62 - - High
380 60.175.153.105 - - High
381 60.178.153.3 - - High
382 60.178.155.80 - - High
383 60.179.110.57 - - High
384 60.190.114.200 - - High
385 60.190.114.207 - - High
386 60.190.149.52 - - High
387 60.190.202.44 - - High
388 60.190.249.66 - - High
389 60.191.84.24 - - High
390 60.191.230.14 - - High
391 60.191.230.173 - - High
392 60.191.236.86 - - High
393 60.194.65.243 - - High
394 60.195.190.132 - - High
395 60.207.83.238 - - High
396 60.208.125.106 - - High
397 60.211.181.178 - - High
398 60.211.218.153 - - High
399 60.214.107.2 - - High
400 60.214.107.89 - - High
401 ... ... ... ...

There are 1602 more IOC items available. Please use our online service to access the data.
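The table above is flattened text, so the first step in using it is to parse it into a structured set. The following is an added example (not VulDB's code or tooling) that parses a handful of rows copied from the table, flags indicators whose reverse name points to a dynamic pool or placeholder PTR, groups the set into /24 prefixes to surface dense ranges, and matches the set against constructed firewall log lines. The log format (`src=... dst=... dport=...`) and the sample log lines are assumptions for the example.

```python
"""Parse VulDB-style IOC rows into a structured set and hunt for them in connection logs."""
from collections import Counter
import ipaddress
import re

# Rows copied verbatim from the IOC table above (ID, IP address, Hostname, Campaign, Confidence).
IOC_ROWS = """
1 1.56.84.228 - - High
5 1.186.45.168 1.186.45.168.dvois.com - High
148 43.250.186.70 - - High
149 43.250.186.146 - - High
150 43.250.186.190 - - High
151 43.250.186.206 - - High
152 43.250.186.230 - - High
156 45.32.64.219 45.32.64.219.vultrusercontent.com - High
238 58.33.52.126 126.52.33.58.broad.xw.sh.dynamic.163data.com.cn - High
347 60.8.55.27 hebei.8.60.in-addr.arpa - High
"""

# Constructed firewall log lines (not from the page): one connection per line, assumed format.
SAMPLE_FW_LOG = """
2024-01-20T03:14:07Z DENY  src=43.250.186.146 dst=203.0.113.10 dport=445 proto=tcp
2024-01-20T03:14:09Z ALLOW src=198.51.100.7 dst=45.32.64.219 dport=443 proto=tcp
2024-01-20T03:15:00Z ALLOW src=198.51.100.8 dst=93.184.216.34 dport=443 proto=tcp
2024-01-20T03:16:22Z DENY  src=58.33.52.126 dst=203.0.113.11 dport=445 proto=tcp
"""

ROW_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(High|Medium|Low)$")
LOG_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+dport=(\d+)")
# PTR fragments that mark consumer/dynamic pools or placeholder reverse zones.
GENERIC_PTR_HINTS = ("dynamic", "adsl", "ppp-", "in-addr.arpa", "dhcp")


def generic_ptr(hostname):
    """True when the reverse name suggests a dynamic pool or a placeholder PTR."""
    return hostname is not None and any(h in hostname.lower() for h in GENERIC_PTR_HINTS)


def parse_ioc_rows(text):
    """Return {ip: {"hostname", "confidence", "generic_ptr"}}; raises on malformed addresses."""
    iocs = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        _, ip, host, _campaign, conf = m.groups()
        ip = str(ipaddress.ip_address(ip))      # ValueError on junk, canonical text otherwise
        host = None if host == "-" else host
        iocs[ip] = {"hostname": host, "confidence": conf, "generic_ptr": generic_ptr(host)}
    return iocs


def dense_prefixes(iocs, prefixlen=24, minimum=3):
    """Prefixes holding several indicators: ranges worth hunting as a block."""
    counts = Counter(
        str(ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)) for ip in iocs
    )
    return {net: n for net, n in counts.items() if n >= minimum}


def hunt(log_text, iocs):
    """Match src (inbound scanner/victim) and dst (outbound contact) against the IOC set."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        src, dst, dport = m.groups()
        for direction, ip in (("inbound", src), ("outbound", dst)):
            if ip in iocs:
                hits.append({"ip": ip, "direction": direction, "dport": int(dport),
                             "generic_ptr": iocs[ip]["generic_ptr"], "line": line.strip()})
    return hits


if __name__ == "__main__":
    iocs = parse_ioc_rows(IOC_ROWS)
    print("dense /24s:", dense_prefixes(iocs))
    for h in hunt(SAMPLE_FW_LOG, iocs):
        flag = " (dynamic/placeholder PTR, weak evidence)" if h["generic_ptr"] else ""
        print(f"{h['direction']:8} {h['ip']:16} dport={h['dport']}{flag}")
```

Inbound hits on TCP/445 from a flagged dynamic address are consistent with a Purple Fox victim scanning, and say little about who is behind it; an outbound hit to a hosting-provider address is the stronger signal and the one to investigate first.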

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the MITRE ATT&CK techniques that VulDB's predictive model attributes to Purple Fox. They are derived from the CWE weakness classes of the vulnerabilities the model links to the actor, not from observed intrusions, and the CWE-to-ATT&CK mapping is loose (CWE-22 path traversal in a web application is not the same behaviour as T1006 direct volume access on a host), so treat the rows as hypotheses to verify against your own telemetry.

ID Technique Weakness Description Confidence
1 T1006 (Direct Volume Access) CWE-22 Path Traversal High
2 T1055 (Process Injection) CWE-74 Injection High
3 T1059 (Command and Scripting Interpreter) CWE-94 Code Injection High
4 T1059.007 (JavaScript) CWE-79, CWE-80 Cross Site Scripting High
5 ... ... ... ...

There are 14 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list fragments (file names and request paths, libraries, arguments, input values, patterns, network ports) that the predictive model expects Purple Fox to use for technical activities such as reconnaissance, exploitation, privilege escalation, and exfiltration. The "File" entries below are component paths taken from the vulnerability records the model links to the actor, so they describe what the actor is expected to probe or exploit, not files it drops on a victim. Some are local filesystem or source paths (/arch/x86/mm/cpu_entry_area.c, /usr/bin/write, authinfo.java) that cannot be matched in web logs, and the Low and Medium rows (/aux, /status/, accton) are generic enough to produce false positives on their own.

ID Type Indicator Confidence
1 File /admin/action/new-father.php High
2 File /admin/admin.php High
3 File /admin/edit_teacher.php High
4 File /admin/fields/manage_field.php High
5 File /admin_route/dec_service_credits.php High
6 File /admin_route/inc_service_credits.php High
7 File /api/sys/set_passwd High
8 File /app/api/controller/default/Sqlite.php High
9 File /arch/x86/mm/cpu_entry_area.c High
10 File /aux Low
11 File /bin/boa Medium
12 File /bsms_ci/index.php High
13 File /bsms_ci/index.php/user/edit_user/ High
14 File /cgi-bin/cstecgi.cgi High
15 File /cgi-bin/koha/catalogue/search.pl High
16 File /cgi/cpaddons_report.pl High
17 File /forum/away.php High
18 File /hedwig.cgi Medium
19 File /include/lang-en.php High
20 File /nagiosxi/admin/banner_message-ajaxhelper.php High
21 File /php/ping.php High
22 File /src/Illuminate/Laravel.php High
23 File /status/ Medium
24 File /sysmanage/updateos.php High
25 File /system/traceLog/page High
26 File /tmp/ppd.trace High
27 File /usr/bin/write High
28 File /var/spool/fax/outgoing/.last_run High
29 File 3G/UMTS Low
30 File 400.htm/500.htm High
31 File abitwhizzy.php High
32 File acc.php Low
33 File Account.asp Medium
34 File accton Low
35 File adclick.php Medium
36 File add-category.php High
37 File addressbook.update.php High
38 File add_comment.php High
39 File add_post.php3 High
40 File admin/auth.php High
41 File admin/change-password.php High
42 File admin/contact.php High
43 File admin/index.php High
44 File admin/patient-search.php High
45 File admin/picture/picture_real_edit.asp High
46 File admin/query-details.php High
47 File admin/tool/policy/classes/output/page_viewalldoc.php High
48 File apexec.pl Medium
49 File app\xml_cdr\xml_cdr_delete.php High
50 File ArchivesMapper.xml High
51 File assets/sources/instagram.php High
52 File attendance_report.php High
53 File authinfo.java High
54 File avatar.php Medium
55 File backup_xi.sh Medium
56 File bb-includes/formatting-functions.php High
57 File BBStore.php Medium
58 File board.php Medium
59 File books.php Medium
60 File brokenlink.php High
61 ... ... ...

There are 532 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
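Because the "File" list mixes URL paths, Windows-style relative paths, local filesystem paths and bare words, it has to be triaged before it is useful as a detection. The following is an added example (not VulDB's code) that parses a dozen rows copied from the table, keeps only indicators that are plausible HTTP request paths, normalises them to lower-case suffixes, drops Low-confidence rows, and suffix-matches them against constructed access-log lines in common log format. The extension and prefix lists used to reject non-web paths, and the sample log lines, are assumptions for the example.

```python
"""Turn VulDB 'File' IOAs into web-request path patterns and hunt for them in access logs."""
import os
import re

# Rows copied from the IOA table above (ID, Type, Indicator, Confidence).
# Raw string because one indicator contains backslashes.
IOA_ROWS = r"""
3 File /admin/edit_teacher.php High
9 File /arch/x86/mm/cpu_entry_area.c High
10 File /aux Low
14 File /cgi-bin/cstecgi.cgi High
20 File /nagiosxi/admin/banner_message-ajaxhelper.php High
23 File /status/ Medium
27 File /usr/bin/write High
29 File 3G/UMTS Low
34 File accton Low
43 File admin/index.php High
49 File app\xml_cdr\xml_cdr_delete.php High
53 File authinfo.java High
"""

# Constructed access-log lines in common log format (not from the page).
SAMPLE_ACCESS_LOG = r"""
203.0.113.5 - - [20/Jan/2024:03:14:07 +0000] "GET /monitoring/nagiosxi/admin/banner_message-ajaxhelper.php?action=ban HTTP/1.1" 200 512
203.0.113.6 - - [20/Jan/2024:03:14:09 +0000] "POST /cgi-bin/cstecgi.cgi HTTP/1.1" 404 0
203.0.113.7 - - [20/Jan/2024:03:15:00 +0000] "GET /status/ HTTP/1.1" 200 88
203.0.113.8 - - [20/Jan/2024:03:15:30 +0000] "GET /index.php HTTP/1.1" 200 1024
203.0.113.9 - - [20/Jan/2024:03:16:01 +0000] "GET /shop/admin/index.php HTTP/1.1" 302 0
"""

ROW_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(High|Medium|Low)$")
REQ_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/')
# Assumed heuristics: extensions that denote server-side web endpoints, and
# filesystem prefixes that mark local paths rather than request paths.
WEB_EXT = {".php", ".php3", ".asp", ".aspx", ".jsp", ".pl", ".cgi", ".htm", ".html"}
LOCAL_PREFIXES = ("/usr/", "/bin/", "/tmp/", "/var/", "/etc/", "/arch/", "/src/")
CONF_RANK = {"High": 3, "Medium": 2, "Low": 1}


def parse_ioa_rows(text):
    """Return [(type, indicator, confidence)] from the flattened table rows."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            _, kind, indicator, conf = m.groups()
            rows.append((kind, indicator, conf))
    return rows


def to_web_pattern(indicator):
    """Normalise a 'File' IOA into a lower-case URL-path suffix, or None when it is
    not a plausible request path (local path, source/config file, bare word)."""
    if indicator.startswith(LOCAL_PREFIXES):
        return None
    p = indicator.replace("\\", "/").lower()
    ext = os.path.splitext(p.rstrip("/"))[1]
    if ext and ext not in WEB_EXT:
        return None          # .c, .java, .xml, .sh: not something a client requests
    if not p.startswith("/") and ext not in WEB_EXT:
        return None          # bare words such as 'accton' or '3G/UMTS'
    return "/" + p.lstrip("/")


def build_patterns(rows, min_conf="Medium"):
    """Map pattern -> confidence, dropping non-web indicators and low-confidence rows."""
    patterns = {}
    for kind, indicator, conf in rows:
        if kind != "File" or CONF_RANK[conf] < CONF_RANK[min_conf]:
            continue
        pat = to_web_pattern(indicator)
        if pat:
            patterns[pat] = conf
    return patterns


def hunt(log_text, patterns):
    """Suffix-match request paths (query string stripped) against the patterns.
    Suffix matching catches applications deployed under a prefix (/monitoring/nagiosxi/...)."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        path = target.split("?", 1)[0].lower()
        for pat, conf in patterns.items():
            if path == pat or path.endswith(pat):
                hits.append({"client": client, "path": path, "pattern": pat, "confidence": conf})
    return hits


if __name__ == "__main__":
    pats = build_patterns(parse_ioa_rows(IOA_ROWS))
    for h in hunt(SAMPLE_ACCESS_LOG, pats):
        print(f"{h['confidence']:6} {h['client']:15} {h['path']}  <- {h['pattern']}")
```

Patterns that carry a full application path (the Nagios XI helper, the TOTOLINK cstecgi.cgi endpoint) are specific enough to alert on; short Medium-confidence ones such as /status/ will also match unrelated applications and are better used to enrich an existing case than to open one.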

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2024 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!