Commit

Update quasar-rat-c2.yaml
adilsoybali authored Nov 4, 2023
1 parent 8a02062 commit e734668
Showing 1 changed file with 2 additions and 3 deletions.
5 changes: 2 additions & 3 deletions ssl/c2/quasar-rat-c2.yaml
Expand Up @@ -2,7 +2,7 @@ id: quasar-rat-c2

info:
name: Quasar RAT C2 SSL Certificate - Detect
author: johnk3r,pussycat0x
author: johnk3r,pussycat0x,adilsoybali
severity: info
description: |
Quasar RAT is a malware family written in .NET which is used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult.
Expand All @@ -12,7 +12,7 @@ info:
verified: "true"
max-request: 1
shodan-query: ssl.cert.subject.cn:"Quasar Server CA"
censys-query: 'services.tls.certificates.leaf_data.subject.common_name: {"Orcus Server","OrcusServerCertificate"}'
censys-query: 'services.tls.certificates.leaf_data.subject.common_name: {"Quasar Server CA"}'
tags: c2,ir,osint,malware,quasar,rat
ssl:
- address: "{{Host}}:{{Port}}"
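Review bot: The new `censys-query` and the unchanged `shodan-query` both search the certificate subject common name, while the template's matcher reads `part: issuer_cn`, so the hunting queries and the detection only line up for certificates whose subject and issuer are both "Quasar Server CA" (that is, self-signed). Consider stating that assumption in the `description`, or adding an issuer-based query next to the subject-based ones. The `{...}` set syntax in the Censys query is also no longer needed with a single value; a plain quoted string would read more clearly.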
Expand All @@ -21,7 +21,6 @@ ssl:
part: issuer_cn
words:
- "Quasar Server CA"
- "OrcusServerCertificate"
condition: or

extractors:
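Review bot: With "OrcusServerCertificate" removed, the `words` list holds a single entry, so the `condition: or` line that follows it no longer has any effect and can be dropped. The commit message "Update quasar-rat-c2.yaml" also gives no reason for removing the Orcus indicator from this matcher and from the Censys query; one line stating the reason (for example, that the Orcus names do not belong in the Quasar template) would help anyone later auditing why detection coverage changed.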
