Rule History

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE [ANY.RUN] zgRAT / PureLogs Stealer Data Exfiltration Attempt M1"; flow:established,to_server; content:"|c3 14 e7 23 f3 4a 30 c4 c3 14 e7 23 f3 4a 30 c4 c3 14 e7 23 f3 4a 30 c4|"; fast_pattern; threshold:type limit, track by_src, seconds 360, count 1; reference:md5,2df2d284d6acb134a4af9418117c6149; reference:url,app.any.run/tasks/babf3e14-a0f6-4d13-ac88-d75af6775b60; reference:url,community.emergingthreats.net/t/purelogs-stealer/1059/; classtype:trojan-activity; sid:2048900; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2023_10_25, deployment Perimeter, malware_family zgRAT, malware_family PureLogs_Stealer, performance_impact Low, confidence High, signature_severity Major, tag Stealer, tag InfoStealer, updated_at 2023_12_28; target:src_ip;)