Threat actors evade detection by adopting the Sliver command-and-control (C2) framework in intrusion campaigns.