Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts

ID: 7eb2e68f-5239-53de-823e-9092c33848bb

STIX ID: report--7eb2e68f-5239-53de-823e-9092c33848bb

Feed Name: The DFIR Report

Threat Score: 78/100

Date Published: 2024-08-12

Date Updated: 2026-04-19

Author: editor

**Executive Summary:** This report analyzes two open directories (94.198.53.143 and 185.234.216.64) hosting batch scripts and binaries tied to PoshC2, Sliver, SystemBC and other tooling. The artifacts include scripts to disable AV, delete backups/shadow copies, enable RDP/backdoors, and deploy remote agents. The authors provide IOCs, file hashes, MITRE mappings, and evidence of active C2 infrastructure observed through August 2024.
