Merge pull request #7428 from projectdiscovery/pussycat0x-patch-23

Bitrat C2 - Detect
2023-06-15 14:47:55 +05:30 · 2023-06-15 14:47:55 +05:30 · 05142086e9
parent 4c8c808072 d63b7bd484
commit 05142086e9
1 changed files with 28 additions and 0 deletions
--- a/ssl/c2/bitrat-c2.yaml
+++ b/ssl/c2/bitrat-c2.yaml
@ -0,0 +1,28 @@
+id: bitrat-c2
+
+info:
+  name: Bitrat C2 - Detect
+  author: pussycat0x
+  severity: info
+  description: |
+    BitRAT is a fairly recent, notorious remote access trojan (RAT) marketed on underground cybercriminal web markets and forums since Feb 2021. The RAT is particularly well known for its social media presence and functionality such as: Data exfiltration. Execution of payloads with bypasses.
+  reference: |
+    https://github.com/thehappydinoa/awesome-censys-queries#bitrat--
+  metadata:
+    verified: "true"
+    censys-query: 'services.tls.certificates.leaf_data.subject.common_name: "BitRAT"'
+  tags: c2,ir,osint,bitrat,ssl
+
+ssl:
+  - address: "{{Host}}:{{Port}}"
+
+    matchers:
+      - type: word
+        part: issuer_cn
+        words:
+          - "BitRAT"
+
+    extractors:
+      - type: json
+        json:
+          - ".issuer_cn"