nuclei-templates/network/jarm/c2/sliver-c2-jarm.yaml

25 lines
1009 B
YAML

id: sliver-c2-jarm
info:
name: Sliver C2 JARM - Detect
author: pussycat0x
severity: info
description: |
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver's implants support C2 over Mutual TLS (mTLS), WireGuard, HTTP(S), and DNS and are dynamically compiled with per-binary asymmetric encryption keys.
reference:
- https://github.com/cedowens/C2-JARM
- https://github.com/BishopFox/sliver
metadata:
max-request: 1
tags: jarm,c2,ir,osint,cti,sliver
tcp:
- inputs:
- data: 2E
type: hex
host:
- "{{Hostname}}"
matchers:
- type: dsl
dsl:
- "jarm(Hostname) == '2ad2ad0002ad2ad00041d2ad2ad41da5207249a18099be84ef3c8811adc883'"
# digest: 4a0a00473045022100dfd1be5aa8579a9c1ec5ca3c89e3828425fdace6e52a294b55fc8a9adb74d3a40220393091982c44e799e6e5b3943173937c44a4d8243011cac4ec194a18d2cfd03e:922c64590222798bb761d5b6d8e72950