2021-01-05 (TUESDAY) - PURPLEFOX EK PUSHES NUGGETPHANTOM MALWARE

ASSOCIATED FILES

  • 2021-01-05-IOCs-from-PurpleFox-EK-and-NuggetPhantom.txt   (2,822 bytes)
  • 2021-01-05-PurpleFox-EK-and-post-infection-traffic.pcap   (9,546,691 bytes)
  • 2021-01-05-ET-alerts-for-PurpleFox-EK-infection.jpg   (2,344,062 bytes)
  • 2021-01-05-ET-alerts-for-PurpleFox-EK-infection.txt   (6,574 bytes)
  • 2021-01-05-mythinkenergy.club--key-F6A5DDD7C719FB934.txt   (30,884 bytes)
  • 2021-01-05-mythinkenergy.club-base64.min.js.txt   (215 bytes)
  • 2021-01-05-rawcdn.githack.com-M0021.cab.bin   (1,941,603 bytes)
  • 2021-01-05-rawcdn.githack.cyou-M002.jpg.bin   (1,019,904 bytes)
  • 2021-01-05-rawcdn.githack.cyou-up.php-key-5.txt   (31,499 bytes)
  • 2021-01-05-rawcdn.githack.cyou-up.php-key-6.bin   (1,019,904 bytes)
  • 2021-01-05-rawcdn.githack.cyou-up.php-key-8.txt   (719,288 bytes)

IMAGES

[Image] Alerts from Sguil in Security Onion using Suricata and the EmergingThreats Pro (ETPRO) ruleset.

[Image] Traffic from the infection filtered in Wireshark.

[Image] Filtering in Wireshark to show scanning targeting TCP port 445.