Update quasar-rat-c2.yaml

ssl/c2/quasar-rat-c2.yaml

@@ -2,7 +2,7 @@ id: quasar-rat-c2
 
 info:
   name: Quasar RAT C2 SSL Certificate - Detect
-  author: johnk3r,pussycat0x
+  author: johnk3r,pussycat0x,adilsoybali
   severity: info
   description: |
     Quasar RAT is a malware family written in .NET which is used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult.
@@ -12,7 +12,7 @@ info:
     verified: "true"
     max-request: 1
     shodan-query: ssl.cert.subject.cn:"Quasar Server CA"
-    censys-query: 'services.tls.certificates.leaf_data.subject.common_name: {"Orcus Server","OrcusServerCertificate"}'
+    censys-query: 'services.tls.certificates.leaf_data.subject.common_name: {"Quasar Server CA"}'
   tags: c2,ir,osint,malware,quasar,rat
 ssl:
   - address: "{{Host}}:{{Port}}"
@@ -21,7 +21,6 @@ ssl:
         part: issuer_cn
         words:
           - "Quasar Server CA"
-          - "OrcusServerCertificate"
         condition: or
 
     extractors: