Tag: purelogs stealer

CapLoader's Port Independent Protocol Identification feature can now detect the C2 protocol used by PureLogs Stealer malware without relying on port numbers. This capability was added in the recent 2.0 release. The blog post demonstrates this functionality using a PCAP file from malware-traffic-ana…

eSentire's Threat Response Unit (TRU) uncovered a malware campaign affecting a government customer. The infection involved multiple threats - XWorm, VenomRAT, PureLogs Stealer, and AsyncRAT - hosted on a TryCloudflare WebDAV server. The initial vector was a phishing email with a malicious ZIP file.…