Howdy! This week I’m sharing a query that searches for hosts running services presenting a certificate with a particular string in the subject DN, in this case “AsyncRAT Server”, which could indicate that that host and service are running malware.

services.tls.certificates.leaf_data.subject_dn=`AsyncRAT Server`

This is part of a regular series of posts in which we’ll highlight useful, interesting, and otherwise cool queries for use with Censys Search and ASM. If you have any questions, similar queries, or custom versions of this week’s highlight, let us know!