DETECTION OVERVIEW
Risk Factors
The Sliver framework is a publicly available, well-known tool used in penetration testing, security assessments, and planned, persistent attacks. Command-and-control (C&C) connections generated by Sliver indicate that an attacker could be remotely controlling a device and using it as an entry point for further attacks on the network.
Kill Chain
Risk Score
88
The Sliver framework manages C&C communications through a malicious executable file called an implant. When a victim runs the executable, the implant is installed on the victim's device and acts as a shell for running the attacker's commands. To initiate a C&C connection, the implant sends specially crafted HTTP GET and HTTP POST requests to the C&C server.
Quarantine the device while checking for the presence of a malicious executable, such as ONTEGRATED_SECOND.exe
Monitor port 443 for unusual network activity such as data exfiltration
Investigate unusual network activity such as lateral movement
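The check-in rhythm described above (an implant repeatedly issuing GET and POST requests to one server) is visible in connection logs as near-constant intervals between requests. The following Python is an added example, not part of this detection's own logic: it scores each source/destination pair on port 443 for that regularity. The record layout, thresholds and all log entries are constructed assumptions.

```python
"""Flag source->destination pairs on port 443 whose HTTP GET/POST requests recur
at near-constant intervals, the check-in pattern of an HTTP C&C implant.
Log layout and thresholds are assumptions; the records below are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy/flow records: (epoch seconds, src host, dst host, dst port, method)
RECORDS = [
    (1000, "ws-07", "203.0.113.10", 443, "GET"),
    (1060, "ws-07", "203.0.113.10", 443, "POST"),
    (1120, "ws-07", "203.0.113.10", 443, "GET"),
    (1180, "ws-07", "203.0.113.10", 443, "POST"),
    (1240, "ws-07", "203.0.113.10", 443, "GET"),
    # Ordinary browsing: bursty, irregular gaps to the same destination
    (1005, "ws-12", "198.51.100.20", 443, "GET"),
    (1007, "ws-12", "198.51.100.20", 443, "GET"),
    (1350, "ws-12", "198.51.100.20", 443, "POST"),
    (1900, "ws-12", "198.51.100.20", 443, "GET"),
]


def find_beacons(records, port=443, min_hits=4, max_cv=0.2):
    """Return (src, dst) pairs whose inter-request gaps on `port` are regular.

    Regularity is the coefficient of variation (stdev / mean) of the gaps;
    max_cv leaves room for an implant that adds timing jitter (assumed threshold).
    """
    by_pair = defaultdict(list)
    for ts, src, dst, dport, method in records:
        if dport == port and method in ("GET", "POST"):
            by_pair[(src, dst)].append(ts)

    flagged = []
    for pair, times in by_pair.items():
        if len(times) < min_hits:          # too few requests to judge a rhythm
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        cv = pstdev(gaps) / mean(gaps)
        if cv <= max_cv:
            flagged.append(pair)
    return flagged


if __name__ == "__main__":
    for src, dst in find_beacons(RECORDS):
        print(f"possible C&C beacon: {src} -> {dst}:443 (investigate, then quarantine)")
```

Flagged pairs are leads for the quarantine and investigation steps above, not confirmation on their own; legitimate agents also poll on fixed timers.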