daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bitrat C2 - Detect

patch-1
pussycat0x 2023-06-14 19:51:21 +05:30 committed by GitHub
parent 1e0744f23b
commit d63b7bd484
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
ssl/c2/bitrat-c2.yaml Normal file
View File

@ -0,0 +1,28 @@
id: bitrat-c2
info:
name: Bitrat C2 - Detect
author: pussycat0x
severity: info
description: |
BitRAT is a fairly recent, notorious remote access trojan (RAT) marketed on underground cybercriminal web markets and forums since Feb 2021. The RAT is particularly well known for its social media presence and functionality such as: Data exfiltration. Execution of payloads with bypasses.
reference: |
https://github.com/thehappydinoa/awesome-censys-queries#bitrat--
metadata:
verified: "true"
censys-query: 'services.tls.certificates.leaf_data.subject.common_name: "BitRAT"'
tags: c2,ir,osint,bitrat,ssl
ssl:
- address: "{{Host}}:{{Port}}"
matchers:
- type: word
part: issuer_cn
words:
- "BitRAT"
extractors:
- type: json
json:
- ".issuer_cn"