Tag

JA3


Bilibili Tech
Nov 4, 2022 · Information Security

Analysis of Sliver C2 Tool Traffic Features and Detection Rules for Snort/Suricata

The paper systematically analyzes the Sliver C2 framework’s HTTP and HTTPS traffic, detailing URL, cookie, and parameter patterns as well as JA3/JA3S TLS fingerprints, and presents validated Snort and Suricata rules that reliably detect Sliver beacons while highlighting evasion challenges and broader applicability to emerging malware tools.

C2 detection · JA3 · Snort