Purple Fox EK: New CVEs, Steganography, and Virtualization Added to Attack Flow

released on 2020-10-19 @ 07:48:46 PM
In recent weeks, Sentinel Labs has seen a spike in the number of attempts to attack vulnerable versions of Internet Explorer by actors leveraging the Purple Fox exploit kit. Sentinel Labs investigations reveal that Purple Fox has iterated to include use of two recent CVEs, CVE-2020-1054 and CVE-2019-0808, through publicly available exploit code. Additionally, Sentinel Labs has noticed other changes to the attack flow that allow the actors to better circumvent firewall protections and some detection tools by adopting steganography and obscuring malicious code with code virtualization technologies.