minor -update

patch-1
pussycat0x 2023-06-14 20:01:09 +05:30 committed by GitHub
parent 19092d82f8
commit 886e444e3d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions


@ -2,7 +2,7 @@ id: quasar-rat-c2
info: info:
name: Detect SSL Certificate Quasar RAT C2 name: Detect SSL Certificate Quasar RAT C2
author: johnk3r author: johnk3r,pussycat0x
severity: info severity: info
description: | description: |
Quasar RAT is a malware family written in .NET which is used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult. Quasar RAT is a malware family written in .NET which is used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult.
@ -12,7 +12,8 @@ info:
max-request: 1 max-request: 1
verified: "true" verified: "true"
shodan-query: ssl.cert.subject.cn:"Quasar Server CA" shodan-query: ssl.cert.subject.cn:"Quasar Server CA"
tags: c2,ir,osint,malware censys-query: 'services.tls.certificates.leaf_data.subject.common_name: {"Orcus Server","OrcusServerCertificate"}'
tags: c2,ir,osint,malware,quasar,rat
ssl: ssl:
- address: "{{Host}}:{{Port}}" - address: "{{Host}}:{{Port}}"
@ -22,6 +23,8 @@ ssl:
part: issuer_cn part: issuer_cn
words: words:
- "Quasar Server CA" - "Quasar Server CA"
- "OrcusServerCertificate"
condition: or
extractors: extractors:
- type: json - type: json
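Review bot: The added matcher word `- "OrcusServerCertificate"` and the new `censys-query` on the Orcus common names appear to be indicators for Orcus RAT, a separate family, while the template id, name, description and the added `quasar,rat` tags all say Quasar. A certificate matching the Orcus string would therefore be reported as Quasar RAT C2 and mislabel the finding during triage. The Censys query also never searches for the `Quasar Server CA` value that the shodan-query and the matcher use, and it lists `Orcus Server`, which the matcher does not check. I would keep this template to Quasar with `censys-query: 'services.tls.certificates.leaf_data.subject.common_name: "Quasar Server CA"'`, drop the Orcus word, and put the Orcus strings in their own template with their own id and tags. The `extractors` block continues outside the visible hunk, so whether its output distinguishes the two cases cannot be judged from here.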