{ "name": "Copyright Lures Mask a Multi-Stage PureLog Stealer Attack on Key Industries", "slug": "copyright-lures-mask-a-multi-stage-purelog-stealer-attack-on-key-industries", "description": "A sophisticated malware campaign delivering PureLog Stealer has been identified, targeting healthcare, government, hospitality, and education sectors in multiple countries. The attack uses localized copyright violation lures to trick victims into executing a multi-stage infection chain. The malware employs encrypted payloads, remote key retrieval, and fileless execution techniques to evade detection. It utilizes a Python-based loader and dual .NET loaders to run PureLog Stealer entirely in memory. The campaign incorporates AMSI bypass, registry persistence, screenshot capture, and victim fingerprinting for stealth and intelligence gathering. Evidence confirms communication with PureLog-associated infrastructure.", "published": "2026-03-20T08:13:38.405000+00:00", "created_at": "2026-03-20T08:46:18.595000+00:00", "modified_at": "2026-03-20T07:46:18+00:00", "created_at_opencti": "2026-03-20T08:46:18.595000+00:00", "author": "AlienVault", "confidence": 100, "report_types": [ "threat-report" ], "labels": [ "copyright lure", "evasion techniques", "fileless execution", "information theft", "multi-stage attack", "purelog stealer", "targeted campaign" ], "tags": [ "2026-03-20", "copyright lure", "evasion techniques", "fileless execution", "information theft", "multi-stage attack", "purelog stealer", "targeted campaign" ], "related_entities": { "indicators": [ { "id": "4710708b-4f40-42a8-a6d0-d8fed6af3626", "name": "mh.bestshopingday.com" }, { "id": "c304d45a-80f2-4823-924c-fc1cb755c7ff", "name": "64.40.154.96" }, { "id": "fa2b6dea-c455-46a5-922a-ae2cf5a6fed7", "name": "http://quickdocshare.com/DQ" }, { "id": "88d63bbb-2709-425c-b52d-51a4b2a02343", "name": "https://cdn.eideasrl.it/Notice%20of%20Alleged%20Violation%20of%20Intellectual%20Property%20Rights_1770380091603.zip" }, { "id": "5767dd2a-8c92-4a1f-9072-8ef996c17579", "name": "logs.bestshopingday.com" }, { "id": "ed941fa9-ce87-4d81-9111-49afab267642", "name": "68c926af0d796a80fcaee24774b1ca0a2c393c3a0e30650c4d2d7965736043ca" }, { "id": "207254a8-3a27-4822-9939-6197251bac4f", "name": "ac591adea9a2305f9be6ae430996afd9b7432116f381b638014a0886a99c6287" }, { "id": "b0dbe0ea-c4d0-4b4b-b9fc-c1cc1b87e502", "name": "https://quickdocshare.com/DQ" }, { "id": "b0e22b18-57d7-4bcc-b436-7698db5d8035", "name": "dq.bestshoppingday.com" }, { "id": "4c88bcbd-3873-4778-b1b8-f5e4d64301bb", "name": "e675bc054481bdca6f8cd1d561869e18712dc05a42e5c24b9add7679efc7faf6" }, { "id": "048a9ea2-1404-4baf-a4e0-9e49cea7407d", "name": "166.0.184.127" }, { "id": "4c2ef66d-9733-4f34-9773-7da71d91be04", "name": "35efc4b75a1d70c38513b4dfe549da417aaa476bf7e9ebd00265aaa8c7295870" }, { "id": "f43927ae-3329-4437-a578-71ec922ef811", "name": "https://transfer.af-k.de:443/webdownload?deliveryUuid=a43da640-777f-40c0-95de-64987150c869" }, { "id": "9d63a78e-a775-4acb-96bc-f32aa302cf34", "name": "quickdocshare.com" }, { "id": "e8ef600d-9107-40b8-a3ec-d00ff5a86c0f", "name": "logs.bestsaleshoppingday.com" }, { "id": "3ccbbb60-d0db-4af6-873a-e7ca532bd09e", "name": "https://quickdocshare.com/DQ/key" }, { "id": "15090e1b-1cdd-420e-82f3-cf0bf54d52cc", "name": "cdn.eideasrl.it" }, { "id": "624febf7-062f-49eb-b501-db9c30c44652", "name": "transfer.af-k.de" } ], "attack_patterns": [ { "id": "c473a756-355a-42ad-a0df-cd3a8fa006d1", "name": "T1057" }, { "id": "6ccd4566-e15e-40cf-b7df-4a3f737ce5cd", "name": "T1036.005" }, { "id": "32817170-4c07-427e-b8a5-80a733ae2550", "name": "T1497" }, { "id": "93b2c4dd-5523-4464-8976-78754ee372fd", "name": "T1012" }, { "id": "c3af9fd7-d307-4df4-9220-cc627938fb85", "name": "T1055" }, { "id": "667462db-9031-48eb-893a-05d35f9330a7", "name": "T1056.001" }, { "id": "c9ee9b30-ba84-4c24-95e9-e8242d42af3f", "name": "T1071.001" }, { "id": "32b33067-6566-4b8d-be80-e96f765d84de", "name": "T1059.001" }, { "id": "09124a92-c11f-4571-b35b-ab0bce6dd081", "name": "T1112" }, { "id": "6a8eba2e-51b0-4b6e-a733-a581dcbf4806", "name": "T1027.004" }, { "id": "81b422de-709e-43bd-b471-2befac0c623a", "name": "T1218.011" }, { "id": "0c836307-129e-4ff7-a532-180c633cacba", "name": "T1027" }, { "id": "5999052b-e9ae-49e8-9235-d9bf975c22af", "name": "T1547.001" }, { "id": "c22b5073-f426-4294-98bb-219d17345158", "name": "T1553.002" }, { "id": "0156fcda-e385-4662-b388-086c3e16feec", "name": "T1140" }, { "id": "e1b18ecf-d74e-4fe6-9bd4-ca6a62e7d818", "name": "T1027.002" }, { "id": "8e0fea81-4d54-4e88-a7dd-3aa8b26558ed", "name": "T1113" }, { "id": "70616b2f-4019-4963-b758-5d9f6f20e201", "name": "T1082" } ], "malware": [ { "id": "6347144f-10f9-41d5-b1d7-8ac014347952", "name": "PureLog Stealer", "slug": "purelog-stealer" } ], "observables": [ { "id": "3e5789de-63c8-413f-be55-84e120af0edd", "name": "quickdocshare.com" }, { "id": "3cc98e1f-de4a-4638-9a33-edde3565eac3", "name": "cdn.eideasrl.it" }, { "id": "3e2c667a-fde3-4c8b-be5f-9711f9f50809", "name": "logs.bestsaleshoppingday.com" }, { "id": "1d630b16-9028-41ff-82ce-2f311408b7ed", "name": "dq.bestshoppingday.com" }, { "id": "2545ac4f-2b5d-4317-adbc-50c498212379", "name": "mh.bestshopingday.com" }, { "id": "2ba67f67-fb19-4f25-99fb-cc1621423300", "name": "logs.bestshopingday.com" }, { "id": "5cddc9fe-16e8-4885-9319-764d244711ea", "name": "transfer.af-k.de" }, { "id": "a03f1b33-189f-4f27-b87e-ba4b7b2ccdfe", "name": "64.40.154.96" }, { "id": "6f7c8680-67f0-49e4-81ec-b0de7f24bff1", "name": "166.0.184.127" }, { "id": "b0336f33-27ce-49cb-9b09-9ff8f654d01c", "name": "http://quickdocshare.com/DQ" }, { "id": "48d9977d-9cb2-41c3-9a92-0b5c8e7bba32", "name": "https://cdn.eideasrl.it/Notice%20of%20Alleged%20Violation%20of%20Intellectual%20Property%20Rights_1770380091603.zip" }, { "id": "0d042a61-52d9-4846-bc2c-42847b6f2aaa", "name": "https://quickdocshare.com/DQ/key" }, { "id": "27e2bf9c-ffff-42a0-a11c-816b5e7be8a6", "name": "https://quickdocshare.com/DQ" }, { "id": "e873a444-8956-483e-91fd-c743aa02dca1", "name": "https://transfer.af-k.de:443/webdownload?deliveryUuid=a43da640-777f-40c0-95de-64987150c869" }, { "id": "", "name": "68c926af0d796a80fcaee24774b1ca0a2c393c3a0e30650c4d2d7965736043ca" }, { "id": "", "name": "ac591adea9a2305f9be6ae430996afd9b7432116f381b638014a0886a99c6287" }, { "id": "", "name": "e675bc054481bdca6f8cd1d561869e18712dc05a42e5c24b9add7679efc7faf6" }, { "id": "", "name": "35efc4b75a1d70c38513b4dfe549da417aaa476bf7e9ebd00265aaa8c7295870" } ], "others": [ { "id": "", "name": "Australia" }, { "id": "", "name": "Germany" }, { "id": "", "name": "Canada" }, { "id": "", "name": "United States of America" }, { "id": "", "name": "Education" }, { "id": "", "name": "Health" }, { "id": "", "name": "Hospitality" }, { "id": "", "name": "Government" }, { "id": "", "name": "mh.bestshopingday.com" }, { "id": "", "name": "logs.bestshopingday.com" }, { "id": "", "name": "dq.bestshoppingday.com" }, { "id": "", "name": "quickdocshare.com" }, { "id": "", "name": "logs.bestsaleshoppingday.com" }, { "id": "", "name": "cdn.eideasrl.it" }, { "id": "", "name": "transfer.af-k.de" } ] }, "external_refs": [ { "id": "33e2db1e-6f6b-4c28-ad31-35ec9b246edb", "standard_id": "external-reference--6679fa92-3598-5691-bcc9-6abc03a55d42", "entity_type": "External-Reference", "source_name": "AlienVault", "description": null, "url": "https://otx.alienvault.com/pulse/69bd01b20154ae405e9187fe", "hash": null, "external_id": "69bd01b20154ae405e9187fe", "created": "2026-03-20T08:46:18.451Z", "modified": "2026-03-20T08:46:18.451Z", "createdById": null }, { "id": "1777af61-00e1-4035-bbd8-24c680d00651", "standard_id": "external-reference--d745811a-17e5-5f42-b888-51a131747c41", "entity_type": "External-Reference", "source_name": "AlienVault", "description": null, "url": "https://www.trendmicro.com/en_us/research/26/c/copyright-lures-mask-a-multistage-purelog-stealer-attack.html", "hash": null, "external_id": null, "created": "2026-03-20T08:46:18.508Z", "modified": "2026-03-20T08:46:18.508Z", "createdById": null } ] }