
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts

Published 12/08/2024 11:45 · Modified 12/08/2024 12:13


Essential information

Tags
2024-08-12 batch evasion poshc2 scripts sliver
Related entities
32 observables, 10 techniques (mitre), 2 malware

Description

An investigation by The DFIR Report revealed a collection of batch scripts designed for defense evasion and for executing command-and-control payloads. These scripts performed various actions, including disabling antivirus processes; stopping services related to SQL, Hyper-V, security tools, and Exchange servers; erasing backups; wiping event logs; and managing the installation or removal of remote monitoring tools. Additional tools, including Ngrok, SystemBC, Sliver, and PoshC2, were also utilized. The threat actors have been active intermittently since September 2023, with the most recent activity detected in August 2024.

External references