nuclei-templates/ssl/c2/asyncrat-c2.yaml


id: asyncrat-c2

info:
  name: AsyncRAT C2 - Detect
  author: johnk3r
  severity: info
  description: |
    AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.
  reference: |
    https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat
  metadata:
    verified: "true"
    max-request: 1
    shodan-query: ssl:"AsyncRAT Server"
    censys-query: services.tls.certificates.leaf_data.issuer.common_name:AsyncRat
  tags: c2,ssl,tls,ir,osint,malware,asyncrat

ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
      - type: word
        part: issuer_cn
        words:
          - "AsyncRAT Server"

    extractors:
      - type: json
        json:
          - " .issuer_cn"
# digest: 4a0a00473045022100c59847c783270837ebb9b2cebee01b561be5ea05cd2616a58b88b06a29504c080220279339a3be2b66697a10fbe80acc53ebafc888777a7f1975fc7194b72d78911e:922c64590222798bb761d5b6d8e72950