PurpleFox Adds New Backdoor That Uses WebSockets Threat Intelligence Analyst Director, MDR Operations Threat Intelligence Analyst

AWS Feed
PurpleFox Adds New Backdoor That Uses WebSockets Threat Intelligence Analyst Director, MDR Operations Threat Intelligence Analyst

In September 2021, the Trend Micro Managed XDR (MDR) team looked into suspicious activity related to a PurpleFox operator. Our findings led us to investigate an updated PurpleFox arsenal, which included an added vulnerability (CVE-2021-1732) and optimized rootkit capabilities leveraged in their attacks.