Topic: Does RogueKiller guard against Purple Fox Rootkit / Worm?


March 27, 2021, 05:26:23 PM


Curson (Global Moderator)

Re: Does RogueKiller guard against Purple Fox Rootkit / Worm?
« Reply #1 on: March 28, 2021, 11:29:35 PM »
Hi Mark,

Welcome to Adlice.com forum.

We were not able to get any Purple Fox malware payloads, so I can't answer you with certainty.
However, I can provide you with some insight into the point at which RogueKiller will trigger an alert. I will refer to the Guardicore technical write-up as a reference.

The MSI/MOE installer being launched from an SMB drive will normally be detected as [Suspicious.Path].
The encrypted file containing the rootkit will be detected by MalPE, our heuristic engine.

Unfortunately, Guardicore does not provide any indication about the DLL payloads (winupdate64/winupdate32), so I don't have any clue about them.

Regards.