Detecting PureLogs traffic with CapLoader
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
CapLoader's Port Independent Protocol Identification (PIPI) feature can now detect the C2 protocol used by PureLogs Stealer malware without relying on port numbers, so a sample that moves its C2 to an unusual port is still classified by payload. This capability was added in the recent 2.0 release. The blog post demonstrates it using a PCAP file from malware-traffic-analysis.net and highlights CapLoader's ability to identify protocols in both TCP and UDP sessions, which supports network security monitoring and forensics. The post also provides indicators of compromise, including a domain and an IP address associated with PureLogs traffic.
OPENCTI LABELS :
purelogs stealer,purelogs,c2 traffic,caploader,pipi,stealer malware,protocol identification,network forensics
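To make the port-independence point concrete, here is an added illustration (not CapLoader's code, and not from the blog post) of classifying TCP sessions by the first client bytes instead of the destination port. The byte-pattern heuristics for TLS, HTTP and SSH, the `Session` type and all sample sessions are constructed for this example; it deliberately contains no PureLogs signature, since the summary does not publish one. The forensic use is the last function: sessions whose payload does not match what the port suggests, including port 443 traffic that is not TLS, are exactly where a custom C2 protocol tends to hide.

```python
"""Port-independent protocol identification (PIPI) sketch.

Constructed example: identify the protocol of a TCP session from the first
client-to-server payload bytes rather than the destination port, which an
attacker chooses freely. Illustration only; not CapLoader's implementation.
"""
from dataclasses import dataclass


@dataclass
class Session:
    src: str
    dst: str
    dport: int
    first_bytes: bytes  # first client-to-server payload bytes


# Port-based labelling: what a naive tool would conclude from the port alone.
PORT_TABLE = {80: "http", 443: "tls", 22: "ssh", 53: "dns"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ")


def port_based_guess(dport: int) -> str:
    return PORT_TABLE.get(dport, "unknown")


def is_tls_client_hello(b: bytes) -> bool:
    # TLS record header: content type 0x16 (handshake), version 0x03 0x0X,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    return (len(b) >= 6 and b[0] == 0x16 and b[1] == 0x03
            and b[2] <= 0x04 and b[5] == 0x01)


def is_http_request(b: bytes) -> bool:
    return b.startswith(HTTP_METHODS) and b" HTTP/1." in b[:256]


def is_ssh_banner(b: bytes) -> bool:
    return b.startswith((b"SSH-2.0-", b"SSH-1.99-"))


def identify_payload(b: bytes) -> str:
    """Classify a session from its payload; 'unknown' if no pattern matches."""
    if is_tls_client_hello(b):
        return "tls"
    if is_http_request(b):
        return "http"
    if is_ssh_banner(b):
        return "ssh"
    return "unknown"


def classify(sessions):
    """Return (dst, dport, port_guess, payload_proto) per session."""
    return [(s.dst, s.dport, port_based_guess(s.dport),
             identify_payload(s.first_bytes)) for s in sessions]


def suspicious(sessions):
    """Sessions where the payload disagrees with the port-based label.

    This includes opaque traffic on port 443 (port says TLS, bytes do not)
    and known protocols on non-standard ports.
    """
    return [s for s in sessions
            if identify_payload(s.first_bytes) != port_based_guess(s.dport)]


# Constructed sample sessions (documentation-range addresses, synthetic bytes).
TLS_HELLO = bytes.fromhex("16030100300100002c0303") + b"\x00" * 44
HTTP_REQ = b"GET /gate.php HTTP/1.1\r\nHost: example.test\r\n\r\n"
OPAQUE = b"\x00\x00\x00\x2a\x7fPL\x01" + b"\xa5" * 34  # custom binary framing

SESSIONS = [
    Session("10.0.0.5", "203.0.113.10", 443, TLS_HELLO),   # TLS on 443: fine
    Session("10.0.0.5", "203.0.113.20", 8443, HTTP_REQ),   # HTTP on 8443
    Session("10.0.0.5", "203.0.113.30", 80, TLS_HELLO),    # TLS on 80
    Session("10.0.0.5", "203.0.113.40", 443, OPAQUE),      # not TLS on 443
    Session("10.0.0.5", "203.0.113.50", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
]

if __name__ == "__main__":
    for row in classify(SESSIONS):
        print("%-14s %5d  port-says=%-7s payload=%s" % row)
    print("suspicious:", [(s.dst, s.dport) for s in suspicious(SESSIONS)])
```

Run as a script to see the per-session table; in a real investigation the same logic would be applied to the first payload bytes of each reassembled flow, and the "unknown on 443" bucket is the one to triage first.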