Update quasar-rat-c2.yaml

patch-1
Adil Soybalı 2023-11-04 16:25:55 +03:00 committed by GitHub
parent 8a02062243
commit e734668026
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 3 deletions


@ -2,7 +2,7 @@ id: quasar-rat-c2
info: info:
name: Quasar RAT C2 SSL Certificate - Detect name: Quasar RAT C2 SSL Certificate - Detect
author: johnk3r,pussycat0x author: johnk3r,pussycat0x,adilsoybali
severity: info severity: info
description: | description: |
Quasar RAT is a malware family written in .NET which is used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult. Quasar RAT is a malware family written in .NET which is used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult.
@ -12,7 +12,7 @@ info:
verified: "true" verified: "true"
max-request: 1 max-request: 1
shodan-query: ssl.cert.subject.cn:"Quasar Server CA" shodan-query: ssl.cert.subject.cn:"Quasar Server CA"
censys-query: 'services.tls.certificates.leaf_data.subject.common_name: {"Orcus Server","OrcusServerCertificate"}' censys-query: 'services.tls.certificates.leaf_data.subject.common_name: {"Quasar Server CA"}'
tags: c2,ir,osint,malware,quasar,rat tags: c2,ir,osint,malware,quasar,rat
ssl: ssl:
- address: "{{Host}}:{{Port}}" - address: "{{Host}}:{{Port}}"
@ -21,7 +21,6 @@ ssl:
part: issuer_cn part: issuer_cn
words: words:
- "Quasar Server CA" - "Quasar Server CA"
- "OrcusServerCertificate"
condition: or condition: or
extractors: extractors:
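Review bot: In the last hunk the `words` list is left with a single entry, so the remaining `condition: or` has no effect and can be dropped to make it plain that the matcher keys on one string only. The matcher reads `part: issuer_cn`, while the `shodan-query` and `censys-query` metadata search the subject common name; the two agree only when the certificate is self-signed under that name, which looks like the intent but is not stated anywhere in the template. A comment above the matcher such as `# assumes the default Quasar certificate is self-signed (issuer CN == subject CN)` would record that. Since the check depends on the default certificate name, the `description` could also say that a non-match does not rule out Quasar on a host. The matcher block begins above this hunk, so its `type` and nesting are not visible here.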