Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
An investigation by The DFIR Report revealed a collection of batch scripts designed for defense evasion and for executing command-and-control payloads. These scripts performed various actions, including disabling antivirus processes; stopping services related to SQL, Hyper-V, security tools, and Exchange servers; erasing backups; wiping event logs; and installing or removing remote monitoring tools. Additional tools, including Ngrok, SystemBC, Sliver, and PoshC2, were also used. The threat actors have been active intermittently since September 2023, with the most recent activity detected in August 2024.
OPENCTI LABELS:
evasion,sliver,batch,poshc2,scripts