Sliver

Hunt queries (Shodan, Censys, Fofa, URLScan)

Hunt query sharings are temporarily disabled.

Summary

TL; DR: A open-source post-compromise C2 framework.

Type: C2 framework

Targeted Operating Systems: MacOS, Windows, and Linux

Interesting characteristics: Open source (https://github.com/BishopFox/sliver)

Threat tag: win.sliver

Reporting: https://malpedia.caad.fkie.fraunhofer.de/details/win.sliver

TTPs: https://attack.mitre.org/software/S0633/

IOCs

• 46.148.26.88:443
• 47.111.31.7:8443
• 185.25.51.144:443
• 8.210.232.186:443
• 54.197.29.26:443
• 47.111.65.26:443
• 165.227.231.125:443
• 3.235.153.136:443
• 47.111.31.7:443
• 46.21.159.189:443
• 185.142.184.201:2376
• 35.240.180.169:2376
• 81.92.234.5:443
• 20.121.237.146:443
• 116.203.193.154:443
• 104.198.157.56:8083
• 159.75.222.179:2376
• 13.52.234.113:443
• 51.195.252.147:443
• 104.197.117.123:443
• 80.240.21.102:2376
• 5.161.206.45:2376
• 162.55.173.180:2376
• 3.32.156.37:2376
• 69.64.160.107:443
• 34.143.153.255:2376
• 34.90.195.133:2376
• 34.143.209.90:2376
• 35.222.116.63:8083
• 3.232.215.227:8083
• 129.80.81.64:2376
• 35.203.17.14:2376
• 3.88.34.220:2376
• 3.33.238.117:8083
• 113.4.19.28:2376
• 54.185.36.34:8083
• 167.235.244.179:2376
• 5.78.102.166:2376
• 121.5.59.64:443
• 65.21.123.66:2376
• 13.91.106.22:8083
• 35.247.3.222:443
• 35.216.181.214:2376
• 35.232.164.7:8083
• 178.128.236.145:2376
• 116.203.205.230:443
• 18.219.46.104:443
• 34.71.72.45:8083
• 88.218.224.182:8443
• 88.218.224.182:443
• 52.4.122.136:2376
• 54.198.73.201:8083
• 52.56.159.3:2376
• 176.31.21.120:2376
• 3.79.95.174:2376
• 31.172.83.48:2376
• 52.86.72.243:8083
• 18.176.32.89:2376
• 3.75.222.122:2376
• 35.168.213.32:8083
• 31.147.205.87:8081
• 34.126.74.251:2376
• 34.95.37.163:2376
• 54.227.170.33:8083
• 52.56.38.0:443
• 34.126.163.54:2376
• 35.238.243.118:8083
• 154.53.35.50:2376
• 34.69.252.38:8083
• 44.214.190.129:8083
• 34.77.164.25:443
• 145.239.85.234:2376
• 15.197.228.221:8083
• 54.93.220.4:2376
• 54.198.73.201:443
• 3.132.127.123:8083
• 35.226.172.143:8083
• 44.214.190.129:443
• 194.26.196.83:2376
• 206.117.31.235:443
• 209.42.194.93:8081
• 163.5.143.157:2376
• 3.79.246.57:2376
• 18.184.208.136:2376
• 52.71.220.7:8083
• 18.216.116.172:8083
• 34.168.149.233:443
• 3.228.129.243:2376
• 209.42.194.94:8081
• 52.197.114.159:2376
• 54.146.175.95:8083
• 195.201.235.164:443
• 52.56.68.28:443
• 5.75.185.92:2376
• 54.227.170.33:443
• 54.160.56.128:2376
• 34.95.63.26:2376
• 52.57.163.198:2376
• 65.21.123.81:2376
• 188.40.163.156:443
• 18.157.163.215:2376
• 52.202.74.36:8083
• 3.76.222.154:2376
• 18.184.113.135:2376
• 23.234.203.187:9443
• 3.121.212.242:2376
• 45.133.194.65:443
• 54.210.7.101:443
• 142.93.192.224:1337
• 35.198.225.38:2376
• 18.196.240.144:2376
• 35.195.109.194:8083
• 54.147.40.32:8443
• 3.71.1.246:2376
• 188.40.163.156:8443
• 3.212.234.126:2376
• 18.197.69.9:2376
• 18.205.146.13:2376
• 185.94.237.235:8443
• 52.156.132.245:8083
• 34.143.223.175:2376
• 176.31.21.16:2376
• 129.153.131.167:2376
• 3.37.1.94:2376
• 44.203.191.159:2376
• 134.209.218.35:10443
• 188.68.35.207:2376
• 113.4.19.22:2376
• 52.3.154.42:2376
• 135.181.250.71:2376
• 35.234.251.236:2376
• 35.232.88.10:8083
• 114.115.158.49:2376
• 52.55.201.51:2376
• 45.79.28.120:2376
• 35.238.12.241:8083
• 35.156.61.119:443
• 52.59.203.122:2376
• 52.200.129.68:2376
• 93.90.193.128:2376
• 3.71.181.49:2376
• 35.198.198.102:2376
• 54.90.106.204:2376
• 141.95.73.4:2376
• 3.67.84.194:2376
• 193.137.197.130:443
• 3.120.187.11:2376
• 35.203.35.135:2376
• 18.216.108.112:8083
• 34.142.207.150:2376
• 46.38.239.155:2376
• 35.226.166.202:8083
• 35.226.14.60:8083
• 34.91.1.44:2376
• 35.240.143.100:2376
• 35.159.38.229:2376
• 185.8.105.120:2376
• 34.95.30.177:2376
• 113.4.19.25:2376
• 34.148.19.100:2376
• 18.220.125.151:8083
• 5.181.23.179:2376
• 3.76.250.91:2376
• 52.202.226.75:2376
• 3.79.181.53:2376
• 45.142.213.85:2376
• 3.76.104.227:2376
• 54.93.80.66:2376
• 35.203.83.183:2376
• 35.231.225.211:2376
• 54.163.249.10:8083
• 18.206.175.252:8083
• 31.147.207.51:8081
• 52.28.174.18:2376
• 35.228.198.215:2376
• 45.142.214.121:2376
• 52.22.145.117:8083
• 194.182.70.200:8443
• 3.71.53.238:2376
• 23.251.128.205:2376
• 34.143.178.184:2376
• 3.123.1.189:2376
• 54.166.213.120:8083
• 35.242.142.247:2376
• 18.156.84.197:2376
• 35.169.120.200:8083
• 3.71.41.123:2376
• 45.137.155.89:2376
• 18.219.108.95:8083
• 35.202.76.152:8083
• 3.133.164.208:8083
• 18.184.58.217:2376
• 77.244.249.77:443
• 3.121.85.105:2376
• 34.88.205.25:2376
• 3.73.132.208:2376
• 35.157.144.183:2376
• 3.79.97.135:2376
• 54.207.132.156:2376
• 3.72.0.224:2376
• 74.48.44.7:9443
• 35.203.88.123:2376
• 3.127.210.141:2376
• 34.77.140.175:2376
• 35.203.123.82:2376
• 34.89.20.143:2376
• 34.88.134.230:2376
• 54.174.89.226:8083
• 178.190.102.43:2376
• 3.76.98.45:2376
• 3.64.193.204:2376
• 35.205.17.31:2376
• 35.228.89.229:2376
• 3.71.81.137:2376
• 3.75.250.5:2376
• 35.228.248.56:2376
• 35.174.58.172:8083
• 18.153.74.37:2376
• 54.175.249.5:8083
• 54.160.205.236:8083
• 3.127.214.250:2376
• 18.188.146.171:8083
• 3.77.56.253:2376
• 18.197.53.191:2376
• 91.113.48.177:2376
• 52.7.198.19:8083
• 35.203.105.134:2376
• 3.125.8.28:2376
• 18.197.51.228:2376
• 35.203.102.20:2376
• 3.79.230.146:2376
• 3.71.6.139:2376
• 18.195.125.195:2376
• 3.71.177.249:2376
• 34.126.76.184:2376
• 34.118.187.130:2376
• 35.246.24.13:2376
• 88.117.27.108:2376
• 18.191.34.239:8083
• 34.118.166.49:2376
• 35.153.249.112:8083
• 3.67.9.189:2376
• 18.184.135.86:2376
• 3.76.102.156:2376
• 3.68.157.117:2376
• 52.15.228.196:8083
• 52.73.109.241:8083
• 3.120.147.39:2376
• 18.193.81.144:2376
• 18.184.167.123:2376
• 18.118.220.182:8083
• 34.152.28.134:2376
• 3.79.103.101:2376
• 34.142.29.177:2376
• 34.152.50.185:2376
• 193.122.182.182:2376
• 3.76.8.79:2376
• 91.207.5.57:2376
• 34.118.141.190:2376
• 35.203.30.240:2376
• 18.118.177.107:8083
• 18.218.207.82:8083
• 34.95.43.129:2376
• 18.153.210.153:2376
• 51.77.137.208:2376
• 3.122.237.119:2376
• 185.125.56.177:2376
• 176.31.21.3:2376
• 3.70.47.231:2376
• 34.147.142.69:2376
• 35.230.156.200:2376
• 113.4.19.3:2376
• 18.193.68.253:2376
• 35.240.61.64:2376
• 34.88.16.45:2376
• 34.140.232.110:2376
• 34.88.42.175:2376
• 34.88.68.0:2376
• 34.88.85.211:2376
• 35.228.7.192:2376
• 165.232.113.85:443
• 34.147.242.231:2376
• 34.79.80.97:2376
• 3.70.168.173:2376
• 38.60.191.190:443
• 34.88.169.69:2376
• 35.228.165.245:2376
• 220.158.216.145:443
• 35.195.225.207:2376
• 35.197.194.79:2376
• 54.145.92.29:8083
• 34.88.176.115:2376
• 132.145.80.201:2376
• 64.227.124.50:31337
• 119.45.20.55:31337
• 212.71.246.109:443
• 119.91.216.63:31337
• 119.28.129.176:31337
• 103.140.187.122:443
• 65.21.180.80:31337
• 142.171.44.245:2053
• 51.250.67.9:31337
• 172.233.240.65:31337
• 5.255.126.139:31337
• 45.79.166.193:31337
• 5.8.10.71:31337
• 141.193.159.146:31337
• 167.114.115.246:31337
• 103.185.249.231:31337
• 193.3.19.167:31337
• 91.206.178.75:31337
• 69.164.202.214:31337
• 188.127.227.207:31337
• 172.104.63.85:31337
• 172.172.192.169:443
• 143.198.144.239:31337
• 118.184.186.182:42937
• 172.233.222.33:443
• 5.252.179.38:50666
• 143.198.184.220:31337
• 217.182.170.11:31337
• 174.138.56.147:31337
• 103.35.151.222:31337
• 103.87.10.156:3308
• 167.71.135.204:31337
• 3.231.153.226:31337
• 159.75.187.222:31337
• 91.199.147.205:56324
• 82.157.142.84:13137
• 106.14.158.153:33306
• 2001:41d0:801:2000:0:0:0:1535:443
• 45.120.52.149:31337
• 94.23.89.139:443
• 67.217.228.4:443
• 20.15.234.170:443
• 43.230.161.37:55556
• 43.132.177.94:31337
• 185.231.154.113:50543
• 64.227.130.114:31337
• 150.158.142.12:31337
• 111.68.7.122:31337
• 188.166.9.214:443
• 38.147.170.23:31337
• 195.123.225.29:31337
• 193.222.96.161:53535
• 137.175.12.38:31337
• 206.189.143.81:31337
• 185.80.129.37:31337
• 146.190.13.16:31337
• 51.81.201.194:31337
• 20.215.41.119:31337
• 104.198.153.240:31337
• 144.202.25.198:443
• 80.92.205.115:31337
• 104.248.80.162:31337
• 103.35.151.195:31337
• 156.245.11.27:31337
• 91.142.73.118:50543
• 159.223.182.9:31337
• 35.85.36.238:31337
• 172.233.237.227:31337
• 143.110.151.209:31337
• 139.144.79.120:31337
• 34.32.55.86:443
• 172.81.123.204:31337
• 119.91.77.189:31337
• 74.103.149.82:443
• 18.170.56.163:443
• 134.175.125.207:31337
• 3.19.71.233:443
• 170.187.207.78:31337
• 118.193.37.157:31337
• 148.66.57.51:31337
• 35.93.24.71:8443
• 138.197.143.1:31337
• 137.184.96.202:56722
• 54.255.154.71:443
• 104.193.69.166:31337
• 159.223.221.202:31337
• 185.17.40.153:31337
• 4.157.160.27:8444
• 103.15.105.29:31337
• 212.73.150.182:8443
• 91.92.243.90:31337
• 147.182.190.27:31337
• 148.66.57.50:31337
• 216.245.181.105:443
• 143.198.214.96:31337
• 154.204.44.228:31337
• 38.132.122.178:31337
• 87.98.233.247:443
• 207.174.3.213:443
• 138.197.224.55:31337
• 109.107.161.51:443
• 185.186.245.34:8443
• 104.225.129.137:31337
• 137.184.78.220:31337
• 88.214.25.240:31337
• 69.46.36.208:31337
• 179.60.150.147:31337
• 69.46.36.218:31337
• 64.225.53.227:443
• 188.127.237.45:443
• 2a07:2f00:1337:10:250:56ff:febd:4386:443
• 185.233.203.43:31337
• 77.76.145.150:443
• 120.26.222.182:8443
• 69.46.36.210:31337
• 188.119.67.185:443
• 15.235.130.29:60237
• 142.93.140.199:31337
• 103.85.110.13:31337
• 165.227.231.125:31337
• 139.162.105.67:31337
• 159.89.204.198:31337
• 185.142.184.133:443
• 167.71.51.239:31337
• 147.182.170.15:31337
• 84.32.44.210:64543
• 93.95.229.168:31337
• 62.113.115.249:31337
• 185.196.9.214:80
• 57.151.120.22:443
• 74.103.149.82:31337
• 146.190.211.40:31337
• 2402:1f00:8000:800:0:0:0:1995:443
• 193.3.19.136:31337
• 137.184.57.89:31337
• 135.125.255.44:31337
• 34.29.187.33:443
• 51.159.234.90:443
• 109.234.35.14:31337
• 212.53.167.167:31337
• 167.99.16.48:31337
• 143.198.3.13:31337
• 185.34.52.140:31337
• 2607:5300:205:200:0:0:0:469e:443
• 45.120.52.106:31337
• 203.205.6.67:31337
• 45.32.124.195:443
• 18.188.31.230:443
• 205.185.121.28:31337
• 209.38.194.149:8443
• 185.130.45.147:31337
• 118.25.142.205:6553
• 46.148.26.72:443
• 43.136.98.30:9009
• 45.33.103.13:443
• 13.51.85.88:443
• 185.219.84.231:31337
• 103.85.25.168:3000
• 159.203.125.55:31337
• 139.59.86.71:31337
• 148.113.182.51:443
• 67.205.164.149:443
• 23.105.193.194:31337
• 72.142.102.168:443
• 194.87.68.191:31337
• 52.15.184.142:443
• 20.163.182.1:443
• 104.193.69.161:443
• 89.147.111.163:31337
• 110.173.59.146:31337
• 207.174.3.213:38443
• 5.181.156.104:7777
• 192.121.87.111:31337
• 92.38.241.93:31337
• 45.87.247.63:443
• 20.2.18.117:4433
• 93.95.97.102:443
• 185.130.44.166:31337
• 193.123.61.173:31337
• 144.208.127.115:37821
• 47.238.44.41:8443
• 104.244.74.178:31337
• 64.227.65.209:443
• 24.199.88.54:443
• 35.226.167.237:443
• 18.212.125.154:443
• 20.211.145.94:31337
• 117.72.68.194:33389
• 136.144.162.237:31337
• 45.11.181.128:443
• 188.120.248.116:31337
• 23.94.44.162:8443
• 156.245.13.101:31337
• 208.85.22.155:443
• 172.96.137.224:13975
• 49.232.29.245:31337
• 111.68.7.123:31337
• 5.252.176.30:443
• 117.72.16.69:60000
• 185.200.221.19:443
• 194.87.213.6:443
• 62.109.22.162:31337
• 165.227.99.110:31337
• 217.182.76.45:31337
• 146.190.149.217:31337
• 192.241.128.7:31337
• 157.90.21.73:31337
• 85.215.215.94:41056
• 2800:6c0:5:0:0:0:0:1163:443
• 80.78.25.152:42753
• 67.217.62.106:41337
• 94.237.62.79:31337
• 47.109.55.151:31337
• 35.188.65.13:443
• 45.154.14.228:31337
• 94.237.61.149:31337
• 35.239.247.201:443
• 34.142.201.103:443
• 4.145.106.87:31337
• 94.237.72.91:31337
• 205.234.146.142:443
• 129.226.148.15:9090
• 185.216.68.217:31337
• 80.87.206.160:31337
• 51.15.254.78:31337
• 188.124.59.14:45361
• 156.245.13.36:31337
• 41.216.189.133:443
• 159.89.204.231:443
• 149.28.25.144:55556
• 43.139.118.222:9090
• 144.21.56.77:443
• 140.238.221.59:31337
• 124.71.84.65:8899
• 8.220.197.83:31337
• 3.8.115.155:31337
• 167.71.184.214:31337
• 62.109.22.132:31337
• 194.48.248.151:443
• 194.87.107.61:443
• 217.195.153.209:24589
• 20.163.24.129:443
• 154.31.217.204:31337
• 5.8.10.66:31337
• 3.145.12.185:443
• 173.255.226.84:31337
• 37.48.71.106:443
• 190.14.37.116:31337
• 45.61.169.127:31337
• 45.61.159.18:31337
• 173.230.131.20:443
• 137.184.150.148:31337
• 216.118.230.115:31337
• 141.95.172.125:31337
• 198.46.233.215:20002
• 165.227.204.151:31337
• 107.21.247.186:443
• 137.184.190.241:31337
• 216.118.230.118:31337
• 8.210.236.220:31337
• 39.104.50.190:31337
• 109.107.175.64:31337
• 50.116.32.159:31337
• 47.109.65.22:31337
• 35.176.207.29:443
• 104.248.249.135:31337
• 121.40.160.72:8443
• 8.222.138.62:31337
• 20.206.138.78:31337
• 8.217.104.91:55443
• 162.120.71.38:31337
• 64.226.101.105:31337
• 165.227.47.240:31337
• 193.3.23.122:31337
• 159.203.82.72:31337
• 159.65.241.15:31337
• 15.235.197.180:31337
• 43.207.79.213:443
• 15.235.166.83:31337
• 46.101.140.228:31337
• 172.86.73.26:31337
• 194.233.73.173:31337
• 99.71.156.88:31337
• 54.206.68.125:31337
• 124.158.5.149:31337
• 43.156.17.19:31337
• 45.8.146.45:31337
• 104.248.19.131:31337
• 167.114.2.2:31337
• 180.76.172.12:31337
• 134.122.48.158:31337
• 176.123.169.64:31337
• 91.151.93.75:9443
• 176.124.199.126:443
• 136.244.78.33:443
• 47.242.111.13:443
• 209.38.216.156:2087
• 130.61.130.111:2087
• 89.208.253.204:4433