Merge pull request #6785 from projectdiscovery/pussycat0x-patch-2

C2 - Detection
patch-1
Dhiyaneshwaran 2023-02-23 22:59:02 +05:30 committed by GitHub
commit 60dbfd0053
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 91 additions and 0 deletions

30
c2/covenant-c2.yaml Normal file
View File

@ -0,0 +1,30 @@
id: covenant-c2
info:
name: Covenant C2 - Detect
author: pussycat0x
severity: info
description: |
Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier,and serve as a collaborative command and control platform for red teamers.
reference: |
https://www.socinvestigation.com/shodan-filters-to-hunt-adversaries-infrastructure-and-c2/
metadata:
verified: true
shodan-query: ssl:”Covenant” http.component:”Blazor”
tags: c2,ir,osint,covenant
requests:
- method: GET
path:
- '{{BaseURL}}/covenantuser/login'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Covenant - Login</title>'
- type: status
status:
- 200

30
c2/deimos-c2.yaml Normal file
View File

@ -0,0 +1,30 @@
id: deimos-c2
info:
name: Deimos C2 - Detect
author: pussycat0x
severity: info
description: |
DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that have been compromised. DeimosC2 server and agents works on, and has been tested on, Windows, Darwin, and Linux.It is entirely written in Golang with a front end written in Vue.js.
reference: |
https://twitter.com/MichalKoczwara/status/1551632627387473920
metadata:
verified: true
shodan-query: http.html_hash:-14029177
tags: c2,ir,osint,deimosc2
requests:
- method: GET
path:
- '{{BaseURL}}/login'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Deimos C2</title>'
- type: status
status:
- 200

31
c2/mythic-c2.yaml Normal file
View File

@ -0,0 +1,31 @@
id: mythic-c2
info:
name: Mythic C2 - Detect
author: pussycat0x
severity: info
description: |
A cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI.
It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout red teaming.
reference: |
https://www.socinvestigation.com/shodan-filters-to-hunt-adversaries-infrastructure-and-c2/
metadata:
verified: "true"
shodan-query: 'ssl:Mythic port:7443'
tags: c2,ir,osint,mythic
requests:
- method: GET
path:
- '{{BaseURL}}/new/login'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>Mythic</title><'
- type: status
status:
- 200