Create sliver-c2.yaml
parent
3aa158940c
commit
3abdffb50f
|
@ -0,0 +1,33 @@
|
||||||
|
id: sliver-c2
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Sliver C2 - Detect
|
||||||
|
author: johnk3r
|
||||||
|
severity: info
|
||||||
|
description: |
|
||||||
|
Sliver is a Command and Control (C2) system made for penetration testers, red teams, and advanced persistent threats. It generates implants (slivers) that can run on virtually every architecture out there, and securely manage these connections through a central server
|
||||||
|
reference: |
|
||||||
|
https://malpedia.caad.fkie.fraunhofer.de/details/win.sliver
|
||||||
|
metadata:
|
||||||
|
verified: "true"
|
||||||
|
max-request: 1
|
||||||
|
shodan-query: ssl:"multiplayer" tag:c2
|
||||||
|
tags: c2,ssl,ir,osint,malware,sliver
|
||||||
|
ssl:
|
||||||
|
- address: "{{Host}}:{{Port}}"
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: issuer_cn
|
||||||
|
words:
|
||||||
|
- "operators"
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: subject_dn
|
||||||
|
words:
|
||||||
|
- "CN=multiplayer"
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: json
|
||||||
|
json:
|
||||||
|
- " .issuer_cn"
|
Loading…
Reference in New Issue