ET MALWARE zgRAT / PureLogs Stealer GZIP Exfiltration Outbound
Source: et/open
Created: April 15, 2025
Updated: April 15, 2025
Classification: trojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET 5555 (msg:"ET MALWARE zgRAT / PureLogs Stealer GZIP Exfiltration Outbound"; flow:established,to_server; tcp.flags:A; content:"|1f 8b 08 00|"; offset:4; depth:4; reference:url,x.com/Jane_0sint/status/1911844767186436550; classtype:trojan-activity; sid:2061601; rev:1; metadata:attack_target Client_Endpoint, tls_state plaintext, created_at 2025_04_15, deployment Perimeter, malware_family zgRAT, malware_family PureLogs_Stealer, confidence Medium, signature_severity Major, tag Stealer, tag InfoStealer, updated_at 2025_04_15; target:src_ip;)
References
url: x.com/Jane_0sint/status/1911844767186436550
Metadata
attack target: Client_Endpoint
tls state: plaintext
created at: 2025_04_15
deployment: Perimeter
malware family: zgRAT, PureLogs_Stealer
confidence: Medium
signature severity: Major
tag: Stealer, InfoStealer
updated at: 2025_04_15