ET MALWARE [ANY.RUN] zgRAT / PureLogs Stealer Data Exfiltration Attempt M1

SID: 2048900Rev: 146 views
History
Sourceet/open
CreatedOctober 25, 2023
UpdatedDecember 28, 2023
Classificationtrojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE [ANY.RUN] zgRAT / PureLogs Stealer Data Exfiltration Attempt M1"; flow:established,to_server; content:"|c3 14 e7 23 f3 4a 30 c4 c3 14 e7 23 f3 4a 30 c4 c3 14 e7 23 f3 4a 30 c4|"; fast_pattern; threshold:type limit, track by_src, seconds 360, count 1; reference:md5,2df2d284d6acb134a4af9418117c6149; reference:url,app.any.run/tasks/babf3e14-a0f6-4d13-ac88-d75af6775b60; reference:url,community.emergingthreats.net/t/purelogs-stealer/1059/; classtype:trojan-activity; sid:2048900; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2023_10_25, deployment Perimeter, malware_family zgRAT, malware_family PureLogs_Stealer, performance_impact Low, confidence High, signature_severity Major, tag Stealer, tag InfoStealer, updated_at 2023_12_28; target:src_ip;)

References

md5
2df2d284d6acb134a4af9418117c6149
Google SearchBrave Search
urlapp.any.run/tasks/babf3e14-a0f6-4d13-ac88-d75af6775b60
urlcommunity.emergingthreats.net/t/purelogs-stealer/1059/

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit
attack targetClient_and_Server
created at2023_10_25
deploymentPerimeter
malware familyPureLogs_Stealer
performance impactLow
confidenceHigh
signature severityMajor
tagInfoStealer
updated at2023_12_28

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!