Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 27, 2025, 12:00 PMET MALWARE zgRAT / PureLogs Stealer C2 Server Connection M3
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE zgRAT / PureLogs Stealer C2 Server Connection M3"; flow:established,to_server; stream_size:client,=,38; content:"|04 20 00 00 00|"; fast_pattern; startswith; byte_jump:4,1, from_beginning, little, post_offset 4; isdataat:!2,relative; threshold:type limit, track by_src, seconds 360, count 1; reference:md5,d2c7a610447b218577c31acdf008070b; reference:url,app.any.run/tasks/4898fff4-38e2-4c59-8eca-96611bdc3d77; classtype:trojan-activity; sid:2063215; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Windows_11, attack_target Client_and_Server, tls_state plaintext, created_at 2025_06_27, deployment Perimeter, malware_family zgRAT, malware_family PureLogs, malware_family PureLogs_Stealer, performance_impact Moderate, confidence Medium, signature_severity Major, tag Stealer, tag InfoStealer, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_06_27, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel; target:src_ip;)
Jun 27, 2025, 12:00 PM
Jun 27, 2025, 12:00 PM
Jun 27, 2025, 8:34 PM
Aug 4, 2025, 11:35 PM
rules/emerging-malware.rules