nuclei-templates/ssl/c2/bitrat-c2.yaml

28 lines
1.0 KiB
YAML
Raw Normal View History

2023-06-14 14:21:21 +00:00
id: bitrat-c2
info:
name: Bitrat C2 - Detect
author: pussycat0x
severity: info
description: |
BitRAT is a fairly recent, notorious remote access trojan (RAT) marketed on underground cybercriminal web markets and forums since Feb 2021. The RAT is particularly well known for its social media presence and functionality such as: Data exfiltration. Execution of payloads with bypasses.
reference: |
https://github.com/thehappydinoa/awesome-censys-queries#bitrat--
metadata:
verified: "true"
2023-10-14 11:27:55 +00:00
max-request: 1
censys-query: 'services.tls.certificates.leaf_data.subject.common_name: "BitRAT"'
2024-01-14 09:21:50 +00:00
tags: ssl,tls,c2,ir,osint,malware,bitrat
2023-06-14 14:21:21 +00:00
ssl:
- address: "{{Host}}:{{Port}}"
matchers:
- type: word
part: issuer_cn
words:
- "BitRAT"
extractors:
- type: json
json:
- ".issuer_cn"
# digest: 4a0a00473045022100bdd453442ab3f34b625e37e15cb5adb380e25986a7a1023ca9c07f341f2580a80220219f925fe1fc97058984589c624c7ef3e9a39939633da66269e797a46d53bb12:922c64590222798bb761d5b6d8e72950