Dirtymoe

Malware Profile Updated 24 days ago
Download STIX
Preview STIX
DirtyMoe, also known as PurpleFox, is a complex and rapidly growing malware that has been designed as a modular system. It was initially detected in 2020 with 10,000 infected systems, but by the first half of 2021, it had expanded to over 100,000 infections, according to researchers from Avast. The malware's operations changed significantly towards the end of 2020 when its authors added a worm module, enabling it to spread via the internet to other Windows systems. The DirtyMoe rootkit is typically delivered through malspam campaigns or malicious sites hosting the PurpleFox exploit kit, which triggers vulnerabilities in Internet Explorer, such as the CVE-2020-0674 scripting engine memory corruption vulnerability. In Ukraine, the Computer Emergency Response Team (CERT-UA) has issued a warning about a malware campaign that has already infected at least 2,000 computers in the country with DirtyMoe. This alert came following a massive damage to a state-owned enterprise's computer systems caused by this malicious program. CERT-UA has taken measures to provide practical assistance to mitigate the impact of this cyber threat, guided by Clause 1 of Article 9 of the Law of Ukraine "On the Basic Principles of Ensuring Cyber ​​Security of Ukraine". The removal of DirtyMoe components presents a significant challenge due to the use of the rootkit, prompting CERT-UA to share technical details about the ongoing campaign, tracked as UAC-0027. The malware can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, DirtyMoe can steal personal information, disrupt operations, or even hold data hostage for ransom, posing serious threats to both individual users and organizations.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Dirtymoe Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Securityaffairs
4 months ago
PurpleFox malware infected at least 2,000 computers in Ukraine