security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 45 Packages Projects Releases Wiki Activity
Files
5655f590d7f960b4dfc2668b959ece02bbe470e4
blue-team-tools/rules-emerging-threats
T
History
Florian Roth 7fc53c563e Merge PR #5925 from @Neo23x0 - Add filter for nsswitch and double extension in icons folder 
fix: Non-Standard Nsswitch.Conf Creation - Potential CVE-2025-32463 Exploitation - Add additional path for nsswitch `/usr/share/factory/etc/nsswitch.conf`
fix: Suspicious Double Extension Files - Add a new filter `/usr/share/icons/`

---------

Co-authored-by: Nasreddine Bencherchali <monsteroffire2@gmail.com>
Thanks: @marius-benthin
2026-04-01 13:55:12 +02:00
..
2010/Exploits/CVE-2010-5278
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
2014
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00
2015/Exploits/CVE-2015-1641
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
2017
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00
2018
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00
2019
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00
2020
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00
2021
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00
2022
Merge PR #5740 from @swachchhanda000 - chore: reorganize threat specific rules into rules-emerging-threats directory
2025-11-10 12:00:08 +01:00
2023
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00
2024
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
2025-11-24 09:54:29 +01:00
2025
Merge PR #5925 from @Neo23x0 - Add filter for nsswitch and double extension in icons folder
2026-04-01 13:55:12 +02:00
2026
Merge PR #5923 from @swachchhanda000 - Add litellm Supply Chain Attack Related Rules
2026-04-01 13:11:45 +02:00
README.md
chore: move rules to new folders (#4205)
2023-05-02 23:17:57 +02:00

README.md

Emerging Threats Rules

This folder contains rules that belongs to the "emerging-threats" category of SIGMA. This category aims to cover specific threats that are timely and relevant for certain periods of time. These threats include specific APT campaigns, exploitation of Zero-Day vulnerabilities, specific malware used during an attack,...etc.

The folder structure is split by year and every folder can contain two sub-folders

  • Exploits: Contains specific rules that cover exploitation of vulnerabilities.
  • Malware: Contains specific rules that cover malware, ransomware and any type of suspicious software used by Threat Actors or malicious actors
  • TA: Contains specific rules that cover APT, Threat Actor and malware activities.
Reference in New Issue View Git Blame Copy Permalink