From a75f4430332eccc8a8bafd000fdc848cd1ca89af Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Fri, 26 Aug 2022 20:52:19 +0200
Subject: [PATCH] Delete win_sliver_c2_default_service.yml
---
.../system/win_sliver_c2_default_service.yml | 23 -------------------
1 file changed, 23 deletions(-)
delete mode 100644 rules/windows/builtin/system/win_sliver_c2_default_service.yml
diff --git a/rules/windows/builtin/system/win_sliver_c2_default_service.yml b/rules/windows/builtin/system/win_sliver_c2_default_service.yml
deleted file mode 100644
index a9395e3dc..000000000
--- a/rules/windows/builtin/system/win_sliver_c2_default_service.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-title: SLIVER C2 Default Service Install
-id: 4b959891-cf82-4eef-8cf5-c0431cf5a039
-status: experimental
-description: Detects the installation of the SLIVER C2 default service.
-author: Nasreddine Bencherchali
-references:
- https://github.com/BishopFox/sliver/blob/79f2d48fcdfc2bee4713b78d431ea4b27f733f30/client/command/commands.go#L1231
- https://www.microsoft.com/security/blog/2022/08/24/looking-for-the-sliver-lining-hunting-for-emerging-command-and-control-frameworks/
-date: 2022/08/25
-logsource:
- product: windows
- service: system
-detection:
- selection:
- Provider_Name: 'Service Control Manager'
- EventID: 7045
- ServiceName: 'Sliver'
- condition: selection
-falsepositives:
- Unlikely
-level: medium
-tags:
- attack.persistence