Skip to content
Nuclei Templates

DcRat Server C2 - Detect

ID: dcrat-server-c2

Severity: info

Author: pussycat0x

Tags: c2,ssl,tls,ir,osint,malware,dcrat

Description

Section titled “Description”

DCRat uses a modular framework that deploys separate executables for each module, most of which are compiled . net binaries programmed in C#.

YAML Source

Section titled “YAML Source”
id: dcrat-server-c2


info:
  name: DcRat Server C2 - Detect
  author: pussycat0x
  severity: info
  description: |
    DCRat uses a modular framework that deploys separate executables for each module, most of which are compiled . net binaries programmed in C#.
  reference: |
    https://github.com/thehappydinoa/awesome-censys-queries#dcrat--
  metadata:
    verified: "true"
    max-request: 1
    censys-query: 'services.tls.certificates.leaf_data.subject.common_name: "DcRat Server"'
  tags: c2,ssl,tls,ir,osint,malware,dcrat
ssl:
  - address: "{{Host}}:{{Port}}"
    matchers:
      - type: word
        part: issuer_cn
        words:
          - "DcRat Server"


    extractors:
      - type: json
        json:
          - ".issuer_cn"
# digest: 4a0a00473045022063912c1f3618c52759812b20158a5d20e183563d7af3e3e3099a260c8d2c0391022100ce9089502b01a84dda3bd5553fba482df1bca5094b801e1c57dc7ce383f31989:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "ssl/c2/dcrat-server-c2.yaml"

View on Github