2024-04-11 13:30:03 +00:00
id : sliver-c2
info :
name : Sliver C2 - Detect
author : johnk3r
severity : info
description : |
Sliver is a Command and Control (C2) system made for penetration testers, red teams, and advanced persistent threats. It generates implants (slivers) that can run on virtually every architecture out there, and securely manage these connections through a central server
reference : |
https://malpedia.caad.fkie.fraunhofer.de/details/win.sliver
metadata :
verified : "true"
max-request : 1
2024-04-18 07:50:42 +00:00
shodan-query : product:"Sliver C2"
2024-06-07 10:04:29 +00:00
tags : c2,ssl,ir,osint,malware,sliver,tls
2024-04-11 13:30:03 +00:00
ssl :
- address : "{{Host}}:{{Port}}"
matchers-condition : and
matchers :
- type : word
part : issuer_cn
words :
- "operators"
- type : word
part : subject_dn
words :
- "CN=multiplayer"
extractors :
- type : json
json :
- " .issuer_cn"
2024-06-08 16:02:17 +00:00
# digest: 4a0a0047304502201c72e20115c332fd53ebe18fa5b8654ca0a308cd573381dd82452b53fe19b960022100b42330a4e396d187c9a1d40400b50b7bb35dc695e1fd1da458fa9057efb8dbc2:922c64590222798bb761d5b6d8e72950