blue-team-tools/rules-emerging-threats

Emerging Threats Rules

This folder contains rules that belongs to the "emerging-threats" category of SIGMA. This category aims to cover specific threats that are timely and relevant for certain periods of time. These threats include specific APT campaigns, exploitation of Zero-Day vulnerabilities, specific malware used during an attack,...etc.

The folder structure is split by year and every folder can contain two sub-folders

• Exploits: Contains specific rules that cover exploitation of vulnerabilities.
• Malware: Contains specific rules that cover malware, ransomware and any type of suspicious software used by Threat Actors or malicious actors
• TA: Contains specific rules that cover APT, Threat Actor and malware activities.