nuclei-templates/ssl/c2/sliver-c2.yaml

34 lines
1.1 KiB
YAML

id: sliver-c2
info:
name: Sliver C2 - Detect
author: johnk3r
severity: info
description: |
Sliver is a Command and Control (C2) system made for penetration testers, red teams, and advanced persistent threats. It generates implants (slivers) that can run on virtually every architecture out there, and securely manage these connections through a central server
reference: |
https://malpedia.caad.fkie.fraunhofer.de/details/win.sliver
metadata:
verified: "true"
max-request: 1
shodan-query: product:"Sliver C2"
tags: c2,ssl,ir,osint,malware,sliver,tls
ssl:
- address: "{{Host}}:{{Port}}"
matchers-condition: and
matchers:
- type: word
part: issuer_cn
words:
- "operators"
- type: word
part: subject_dn
words:
- "CN=multiplayer"
extractors:
- type: json
json:
- " .issuer_cn"
# digest: 4a0a0047304502201c72e20115c332fd53ebe18fa5b8654ca0a308cd573381dd82452b53fe19b960022100b42330a4e396d187c9a1d40400b50b7bb35dc695e1fd1da458fa9057efb8dbc2:922c64590222798bb761d5b6d8e72950