2023-06-14 13:05:08 +00:00
id : quasar-rat-c2
info :
2023-06-14 14:37:08 +00:00
name : Quasar RAT C2 SSL Certificate - Detect
2023-11-04 13:25:55 +00:00
author : johnk3r,pussycat0x,adilsoybali
2023-06-14 13:05:08 +00:00
severity : info
description : |
Quasar RAT is a malware family written in .NET which is used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult.
reference : |
https://malpedia.caad.fkie.fraunhofer.de/details/win.quasar_rat
metadata :
verified : "true"
2023-10-14 11:27:55 +00:00
max-request : 1
2023-06-14 13:05:08 +00:00
shodan-query : ssl.cert.subject.cn:"Quasar Server CA"
2023-11-04 13:25:55 +00:00
censys-query: 'services.tls.certificates.leaf_data.subject.common_name : {"Quasar Server CA" }'
2023-06-14 14:31:09 +00:00
tags : c2,ir,osint,malware,quasar,rat
2023-06-14 13:05:08 +00:00
ssl :
- address : "{{Host}}:{{Port}}"
matchers :
- type : word
part : issuer_cn
words :
- "Quasar Server CA"
extractors :
- type : json
json :
- " .issuer_cn"
2023-11-07 07:20:43 +00:00
# digest: 4a0a0047304502210089c3b7edfbbd1e6f13c79ed724e93ae0db447239b79bb2be0496828c5b7d2e2a022069d9ff039f32ebf74f17f2a6efe0a56b6704a80540b1b1d93bf359b0fc28b2f1:922c64590222798bb761d5b6d8e72950
