security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Delete win_sliver_c2_default_service.yml

Browse Source
This commit is contained in:
Florian Roth
2022-08-26 20:52:19 +02:00
committed by GitHub
parent bc46de2685
commit a75f443033
1 changed files with 0 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/builtin/system/win_sliver_c2_default_service.yml
-23
View File
@@ -1,23 +0,0 @@
title: SLIVER C2 Default Service Install
id: 4b959891-cf82-4eef-8cf5-c0431cf5a039
status: experimental
description: Detects the installation of the SLIVER C2 default service.
author: Nasreddine Bencherchali
references:
- https://github.com/BishopFox/sliver/blob/79f2d48fcdfc2bee4713b78d431ea4b27f733f30/client/command/commands.go#L1231
- https://www.microsoft.com/security/blog/2022/08/24/looking-for-the-sliver-lining-hunting-for-emerging-command-and-control-frameworks/
date: 2022/08/25
logsource:
product: windows
service: system
detection:
selection:
Provider_Name: 'Service Control Manager'
EventID: 7045
ServiceName: 'Sliver'
condition: selection
falsepositives:
- Unlikely
level: medium
tags:
- attack.persistence