Create sliver-c2.yaml
33
ssl/c2/sliver-c2.yaml
Normal file
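--- a/ssl/c2/sliver-c2.yaml
+++ b/ssl/c2/sliver-c2.yaml
@@ -0,0 +1,33 @@
+id: sliver-c2
+
+info:
+name: Sliver C2 - Detect
+author: johnk3r
+severity: info
+description: |
+Sliver is a Command and Control (C2) system made for penetration testers, red teams, and advanced persistent threats. It generates implants (slivers) that can run on virtually every architecture out there, and securely manage these connections through a central server
+reference: |
+https://malpedia.caad.fkie.fraunhofer.de/details/win.sliver
+metadata:
+verified: "true"
+max-request: 1
+shodan-query: ssl:"multiplayer" tag:c2
+tags: c2,ssl,ir,osint,malware,sliver
+ssl:
+- address: "{{Host}}:{{Port}}"
+matchers-condition: and
+matchers:
+- type: word
+part: issuer_cn
+words:
+- "operators"
+
+- type: word
+part: subject_dn
+words:
+- "CN=multiplayer"
+
+extractors:
+- type: json
+json:
+- " .issuer_cn"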
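Review bot: Both matchers are substring `word` checks against what appear to be Sliver's default certificate names (`operators` in `issuer_cn`, `CN=multiplayer` in `subject_dn`), so a hit is a lead to triage rather than a confirmation, and a miss does not rule out Sliver where the operator has changed the certificate. I would state that in the template with a comment above `matchers:`, for example `# Fingerprints default Sliver multiplayer-listener certificate names; renamed certs will not match, confirm hits with other telemetry`. The extractor returns only `issuer_cn`, which the first matcher has already pinned, and its query string `" .issuer_cn"` carries a leading space; extracting the certificate fingerprint or serial would give responders something to pivot on, assuming the ssl response exposes such a field. Separately, `verified: "true"` is a quoted string where a boolean `verified: true` is presumably intended.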