PurpleFox

PurpleFox SMB worm 2018 Genie. openclaw loader lure. 103.118.255.239:8888/wj/1.jpg JPEG payload camouflage. app.cc-coins.xyz. UAC bypass.

Threat Profile
Type: Rootkit
Programming Language: C/C++
C2 Protocol: HTTP
First Seen: 2018
Targets: China/Asia
Purpose / Capabilities
  • Rootkit+Miner

C2 Servers (2)

Address            Port   Protocol   Status
103.118.255.239    8888   HTTP       INACTIVE
app.cc-coins.xyz   80     HTTP       INACTIVE

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (2)

Critical

PurpleFox -- openclaw Installation Lure, 103.118.255.239:8888/wj/1.jpg JPEG Payload Camouflage | Critical

PurpleFox 1.6MB openclaw installation.exe game lure. 103.118.255.239:8888/wj/1.jpg dropper with JPEG camouflage. app.cc-coins.xyz.

High

PurpleFox -- 3.6MB MSI Targeting Chinese Users, Encryption Extensions, C2 Config | High

PurpleFox 3.6MB MSI camouflaged as a Chinese language pack. Encrypted extensions. C2 config fragments.
