montysecurity
commented
5 months ago Adding this, thank you!
"Supershell C2": [ "http.html_hash:84573275", "http.favicon.hash:-1010228102", "http.title:'Supershell - 登录'" ]
Closed corumir closed 5 months ago
montysecurity
commented
5 months ago Adding this, thank you!
"Supershell C2": [ "http.html_hash:84573275", "http.favicon.hash:-1010228102", "http.title:'Supershell - 登录'" ]
This falls into the same category as "sliver", "metasploit", and so on.
https://github.com/tdragon6/Supershell/blob/main/README_EN.md SuperShell
I'd use this for a consistent verifiable pivot:
http.favicon.hash:-1010228102
https://www.shodan.io/search?query=http.favicon.hash%3A-1010228102