ET MALWARE [ANY.RUN] zgRAT / PureLogs Stealer C2 Connection M1
Sourceet/open
CreatedOctober 25, 2023
UpdatedDecember 28, 2023
Classificationtrojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET 62520 (msg:"ET MALWARE [ANY.RUN] zgRAT / PureLogs Stealer C2 Connection M1"; flow:established,to_server; stream_size:client,=,53; content:"|30 00 00 00|"; fast_pattern; byte_jump:4,0, from_beginning, little, post_offset 3; isdataat:!2,relative; threshold:type limit, track by_src, seconds 360, count 1; reference:md5,2df2d284d6acb134a4af9418117c6149; reference:url,app.any.run/tasks/babf3e14-a0f6-4d13-ac88-d75af6775b60; reference:url,community.emergingthreats.net/t/purelogs-stealer/1059/; classtype:trojan-activity; sid:2048902; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2023_10_25, deprecation_reason Performance, malware_family zgRAT, malware_family PureLogs_Stealer, performance_impact Significant, confidence High, signature_severity Major, tag Stealer, tag InfoStealer, updated_at 2023_12_28, reviewed_at 2023_10_25; target:src_ip;)
References
| md5 | 2df2d284d6acb134a4af9418117c6149 |
| url | app.any.run/tasks/babf3e14-a0f6-4d13-ac88-d75af6775b60 |
| url | community.emergingthreats.net/t/purelogs-stealer/1059/ |
Metadata
affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit
attack targetClient_and_Server
created at2023_10_25
deprecation reasonPerformance
malware familyPureLogs_Stealer
performance impactSignificant
confidenceHigh
signature severityMajor
tagInfoStealer
updated at2023_12_28
reviewed at2023_10_25
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!