
#PureLogs

Latest posts tagged with #PureLogs on Bluesky


Posts tagged #PureLogs


Cybercriminals are embedding PURELOGS malware in PNG files to evade detection. Stay vigilant against sophisticated phishing attacks. #CyberSecurity #Malware #PURELOGS #Phishing Link: thedailytechfeed.com/cybercrimina...

Directory listing on vastkupan.com with New PO 102456688.exe

UPDATE: Turns out the whole /wp-admin/js/ directory on Västkupan's website allows directory listing. Among the files in that directory is "New PO 102456688.exe", which drops #PureLogs.
🔥 MD5: b2647b263c14226c62fe743dbff5c70a
🔥 C2: 147.124.219.201:65535
https://netresec.com/?b=257eead

Transcript of PureLogs (or PureCrypter) C2 traffic to 65.108.24.103:62050

Do #PureLogs Stealer and #PureCrypter use the same C2 protocol, or is there some way to tell the C2 protocols apart?
C2 servers:

@netresec

Two more #PureLogs Stealer DLL files found on vastkupan[.]com. The original blog post has been updated.
https://netresec.com/?b=257eead

PureLogs Forensics I analyzed some PureLogs malware infections this morning and found some interesting behavior and artifacts that I want to share. PureLogs infections sometimes start with a dropper/downloader that retr...

💧 Dropper connects to legitimate website
📄 Fake PDF is downloaded over HTTPS
💾 Fake PDF is decrypted to a #PureLogs DLL
⚙️ InstallUtil.exe or RegAsm.exe is started
💉 PureLogs DLL is injected into the running process
👾 PureLogs connects to C2 server
netresec.com?b=257eead

Original post on infosec.exchange

PureLogs Forensics
💧 Dropper connects to legitimate website
📄 A fake PDF is downloaded over HTTPS
💾 The fake PDF is decrypted to a #PureLogs DLL
⚙️ InstallUtil.exe or RegAsm.exe is started
💉 PureLogs DLL is injected into the running process
👾 PureLogs connects to C2 server

IOC List
🔥 91.92.120 […]

Detecting PureLogs traffic with CapLoader CapLoader includes a feature for Port Independent Protocol Identification (PIPI), which can detect which protocol is being used inside of TCP and UDP sessions without relying on the port number. In th...

Video: Detecting #PureLogs C2 traffic with #CapLoader
netresec.com?b=256a8c4

@netresec

Video: Detecting #PureLogs traffic with #CapLoader
https://netresec.com/?b=256a8c4
