Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
Tags
Common Information
Type Value
UUID 427a8209-fd99-4b9e-963a-499a47182a49
Fingerprint b408a853252fb314
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 12, 2024, 1:46 a.m.
Added to db Aug. 31, 2024, 8:26 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
Title Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
Detected Hints/Tags/Attributes 0/0/29
RSS Feed
Id Enabled Feed title Url Added to db
249 The DFIR Report https://thedfirreport.com/feed/ 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 2 cve-2023-34758
Domain 4127 github.com
Domain 110 www.reddit.com
Domain 1 www.cliftonsystems.co.uk
Domain 2 patrickdomingues.com
Domain 1 www.get-itsolutions.com
Domain 1 helpdesksupport613811560.servicedesk.atera.com
Domain 2 dropper.py
File 1 atera_del.bat
File 1 atera_del2.bat
File 9 backup.bat
File 1 delbackup.bat
File 1 clearlog.bat
File 4 def1.bat
File 1 defendermalwar.bat
File 2 posh_v2_dropper_x64.exe
File 2 vmmanagedsetup.exe
File 1 disable.bat
File 1 hyp.bat
File 1 logofall.bat
File 1 logofall1.bat
File 25 http.html
File 1 poshc2+user.txt
File 1 poschc2+user.txt
File 1 ticketingtray.exe
File 1 cdedit.exe
File 95 wevtutil.exe
File 1 evtutil.exe
File 351 recycle.bin