id: xtremerat-trojan info: name: XtremeRAT Trojan - Detect author: pussycat0x severity: info description: | Xtreme Rat is a Remote Access Trojan that can steal information. This RAT has been used in attacks targeting Israeli and Syrian governments last 2012. reference: - https://github.com/montysecurity/C2-Tracker/blob/main/tracker.py metadata: verified: true max-request: 1 shodan-query: product:'XtremeRAT Trojan' tags: network,c2,ir,osint,cti,xtreamerat,tcp tcp: - inputs: - data: 2E type: hex host: - "{{Hostname}}" port: 10001 read-size: 1024 matchers: - type: regex regex: - "^X$" # digest: 4a0a00473045022100e211467687f43c3d84b9ac91cf977dede4ed3947b367ac1fff1806c76e3960d20220240a3c0c60b9da4be0b4a70e24ff72586870f4c7e13797bf0b346e393c1ce5de:922c64590222798bb761d5b6d8e72950