31 lines
844 B
YAML
31 lines
844 B
YAML
|
id: covenant-c2
|
||
|
|
|
||
|
|
info:
|
||
|
name: Covenant C2 - Detect
|
||
|
|
author: pussycat0x
|
||
|
|
severity: info
|
||
|
|
description: |
|
||
|
|
Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier,and serve as a collaborative command and control platform for red teamers.
|
||
|
|
reference: |
|
||
|
|
https://www.socinvestigation.com/shodan-filters-to-hunt-adversaries-infrastructure-and-c2/
|
||
|
|
metadata:
|
||
|
|
verified: true
|
||
|
|
shodan-query: ssl:”Covenant” http.component:”Blazor”
|
||
|
|
tags: c2,ir,osint,covenant
|
||
|
|
|
||
|
|
requests:
|
||
|
|
- method: GET
|
||
|
|
path:
|
||
|
|
- '{{BaseURL}}/covenantuser/login'
|
||
|
|
|
||
|
|
matchers-condition: and
|
||
|
|
matchers:
|
||
|
|
- type: word
|
||
|
|
part: body
|
||
|
|
words:
|
||
|
|
- '<title>Covenant - Login</title>'
|
||
|
|
|
||
|
|
- type: status
|
||
|
|
status:
|
||
|
|
- 200
|