# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/purple-fox-fileless-malware-with-rookit-component-delivered-by-rig-exploit-kit-now-abuses-powershell/
# Reference: https://documents.trendmicro.com/assets/appendix-purple-fox-fileless-malware-with-rookit-component-delivered-by-rig-exploit-kit-now-abuses%20powershell.pdf
# Reference: https://otx.alienvault.com/pulse/5d77a74893cf13ee33a1000f

http://141.98.216.130
jeitacave.org
brownsine.com
zopso.org

# Reference: https://wemp.app/posts/378f9dd9-88ef-4de2-8305-11a937894b0e?utm_source=bottom-latest-posts
# Reference: https://app.any.run/tasks/4ce2ec22-8fc6-4e2f-b480-c66ff511bdd3/
# Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.purplefox

gk.vwxqv.xyz
bk.xdzxxf.xyz

# Reference: http://www.rewterz.com/rewterz-news/rewterz-threat-alert-purple-fox-trojan-iocs

es.ldbdhm.xyz

# Generic

/sqlexec/
/SMB1.jpg
/SMB2.jpg
/SMB3.jpg
