security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4989d43ae97015f8113aed2efcd49d288b8fec21
blue-team-tools/rules-emerging-threats
T
History
Swachchhanda Shrawan Poudel 3359340f21 Merge PR #4763 from @swachchhanda000 - New rules related to Raspberry Robin TTPs 
new: Potential Raspberry Robin Aclui Dll SideLoading
new: Potential Raspberry Robin Registry Set Internet Settings ZoneMap 

---------

Co-authored-by: Swachchhanda Shrawan Poudel <logpoint-admin@NP-SSP-MBP-01.local>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-08-01 11:18:12 +02:00
..
2010/Exploits/CVE-2010-5278
Update tags
2023-06-20 07:31:54 +02:00
2014
Merge PR #4533 from @nasbench - Promote experimental rules
2023-11-02 10:48:45 +01:00
2015/Exploits/CVE-2015-1641
Update tags
2023-06-20 07:31:54 +02:00
2017
Merge PR #4850 from @frack113 - Cleanup rule conditions to align with standard
2024-05-13 12:10:33 +02:00
2018
Merge PR #4916 from @frack113 - Move some rules to Emerging-Threats folder
2024-07-17 10:28:18 +02:00
2019
Merge PR #4916 from @frack113 - Move some rules to Emerging-Threats folder
2024-07-17 10:28:18 +02:00
2020
Merge PR #4940 from @fukusuket - Update unreachable references blog.menasec[.]net
2024-07-31 10:16:56 +02:00
2021
Merge PR #4891 from @nasbench - Promote older rules status from experimental to test
2024-07-01 10:42:32 +02:00
2022
Merge PR #4791 from @nasbench - Promote older rules status from experimental to test
2024-04-01 15:14:10 +02:00
2023
Merge PR #4888 from @nasbench - Add multiple new rules, updates and fixes
2024-07-17 11:04:05 +02:00
2024
Merge PR #4763 from @swachchhanda000 - New rules related to Raspberry Robin TTPs
2024-08-01 11:18:12 +02:00
README.md
chore: move rules to new folders (#4205)
2023-05-02 23:17:57 +02:00

README.md

Emerging Threats Rules

This folder contains rules that belongs to the "emerging-threats" category of SIGMA. This category aims to cover specific threats that are timely and relevant for certain periods of time. These threats include specific APT campaigns, exploitation of Zero-Day vulnerabilities, specific malware used during an attack,...etc.

The folder structure is split by year and every folder can contain two sub-folders

  • Exploits: Contains specific rules that cover exploitation of vulnerabilities.
  • Malware: Contains specific rules that cover malware, ransomware and any type of suspicious software used by Threat Actors or malicious actors
  • TA: Contains specific rules that cover APT, Threat Actor and malware activities.
Reference in New Issue View Git Blame Copy Permalink