ET MALWARE PureLogs Backdoor Client GZIP C2 Traffic
Sourceet/open
Fileemerging-malware.rules
CreatedApril 16, 2025
UpdatedApril 16, 2025
Classificationtrojan-activity
alert tcp $HOME_NET any -> any any (msg:"ET MALWARE PureLogs Backdoor Client GZIP C2 Traffic"; flow:established,to_server ; byte_extract:4,0,size ; content:"|1f 8b 08 00 00 00 00 00 04 00|"; offset:4; depth:10; byte_jump:0,0,from_end,post_offset -4 ; byte_test:4,=,size,0,relative ; reference:url,app.any.run/tasks/8c40a9d2-dc92-48ba-b75e-616f1a230000 ; classtype:trojan-activity; sid:2061634; rev:1; metadata:attack_target Client_Endpoint, tls_state plaintext, created_at 2025_04_16, deployment Perimeter, confidence High, signature_severity Major, updated_at 2025_04_16; target:src_ip;)
Metadata
attack targetClient_Endpoint
tls stateplaintext
created at2025_04_16
deploymentPerimeter
confidenceHigh
signature severityMajor
updated at2025_04_16
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!