Rule History

SID: 2061601 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 1 • Apr 15, 2025, 12:00 PM

Message:

ET MALWARE zgRAT / PureLogs Stealer GZIP Exfiltration Outbound

Rule:

alert tcp $HOME_NET any -> $EXTERNAL_NET 5555 (msg:"ET MALWARE zgRAT / PureLogs Stealer GZIP Exfiltration Outbound"; flow:established,to_server; tcp.flags:A; content:"|1f 8b 08 00|"; offset:4; depth:4; reference:url,x.com/Jane_0sint/status/1911844767186436550; classtype:trojan-activity; sid:2061601; rev:1; metadata:attack_target Client_Endpoint, tls_state plaintext, created_at 2025_04_15, deployment Perimeter, malware_family zgRAT, malware_family PureLogs_Stealer, confidence Medium, signature_severity Major, tag Stealer, tag InfoStealer, updated_at 2025_04_15; target:src_ip;)

Created:

Apr 15, 2025, 12:00 PM

Updated:

Apr 15, 2025, 12:00 PM

DB Created:

Apr 15, 2025, 9:34 PM

DB Updated:

Aug 4, 2025, 11:35 PM

Filename:

rules/emerging-malware.rules