Skip to content

Commit

Permalink
feat(fp): Add VenomRAT fingerprint
Browse files Browse the repository at this point in the history
  • Loading branch information
@thehappydinoa
thehappydinoa committed Oct 23, 2023
1 parent e6c2baa commit dd8b255
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions fingerprints.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ confidence_level: 100
tags: [C2, Mythic]
---
name: "BitRAT"
censys_query: 'services.software.product: BitRAT'
censys_query: "services.software.product: BitRAT"
censys_virtual_hosts: true
malware_name: "win.bit_rat"
confidence_level: 100
Expand Down Expand Up @@ -161,7 +161,8 @@ confidence_level: 75
tags: [C2, RAT]
---
name: "Pikabot"
censys_query: 'services: (jarm.fingerprint="21d19d00021d21d21c21d19d21d21dd188f9fdeea4d1b361be3a6ec494b2d2"
censys_query:
'services: (jarm.fingerprint="21d19d00021d21d21c21d19d21d21dd188f9fdeea4d1b361be3a6ec494b2d2"
and port: 5000)'
censys_virtual_hosts: false
malware_name: "win.pikabot"
Expand All @@ -175,3 +176,10 @@ malware_name: "win.sliver"
confidence_level: 90
tags: [C2]
---
name: "VenomRAT"
censys_query: 'services: (tls.certificates.leaf_data.subject.common_name: "VenomRAT" or tls.certificates.leaf_data.issuer.common_name: "VenomRAT Server" or tls.certificates.leaf_data.issuer.organization: "VenomRAT By qwqdanchun")'
censys_virtual_hosts: true
malware_name: "win.venom"
confidence_level: 100
tags: [C2, RAT]
---

0 comments on commit dd8b255

Please sign in to comment.