- https://www.cybereason.com/blog/sliver-c2-leveraged-by-many-threat-actors
- https://community.netwitness.com/t5/netwitness-community-blog/sliver-c2-network-and-endpoint-detection-with-netwitness/ba-p/689643
Default process created is notepad.exe through CreateRemoteThread.
mtls: 8888 wireguard: 51820
Default service name is "Sliver" with description like "Sliver implant" with a PathName starting with C:\Windows\Temp\