Merge pull request #7419 from projectdiscovery/pussycat0x-patch-15

Covenant C2 - Detect
2023-06-15 16:54:42 +05:30 · 2023-06-15 16:54:42 +05:30 · 12a02aa063
parent f61c0edc78 c97e2d365e
commit 12a02aa063
1 changed files with 28 additions and 0 deletions
--- a/ssl/c2/covenant-c2-ssl.yaml
+++ b/ssl/c2/covenant-c2-ssl.yaml
@ -0,0 +1,28 @@
+id: covenant-c2-ssl
+
+info:
+  name: Covenant C2 SSL - Detect
+  author: pussycat0x
+  severity: info
+  description: |
+    Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier,and serve as a collaborative command and control platform for red teamers.
+  reference: |
+    https://twitter.com/MichalKoczwara/status/1548685058403360770
+  metadata:
+    verified: "true"
+    shodan-query: ssl:”Covenant” http.component:”Blazor”
+  tags: c2,ir,osint,covenant,ssl
+
+ssl:
+  - address: "{{Host}}:{{Port}}"
+
+    matchers:
+      - type: word
+        part: subject_dn
+        words:
+          - "CN=Covenant"
+
+    extractors:
+      - type: json
+        json:
+          - ".subject_dn"