nuclei-templates/ssl/c2/asyncrat-c2.yaml

29 lines
1.3 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

id: asyncrat-c2
info:
name: AsyncRAT C2 - Detect
author: johnk3r
severity: info
description: |
AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.
reference: |
https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat
metadata:
verified: "true"
max-request: 1
shodan-query: ssl:"AsyncRAT Server"
censys-query: services.tls.certificates.leaf_data.issuer.common_name:AsyncRat
tags: c2,ssl,tls,ir,osint,malware,asyncrat
ssl:
- address: "{{Host}}:{{Port}}"
matchers:
- type: word
part: issuer_cn
words:
- "AsyncRAT Server"
extractors:
- type: json
json:
- " .issuer_cn"
# digest: 4a0a00473045022100c59847c783270837ebb9b2cebee01b561be5ea05cd2616a58b88b06a29504c080220279339a3be2b66697a10fbe80acc53ebafc888777a7f1975fc7194b72d78911e:922c64590222798bb761d5b6d8e72950