security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 45 Packages Projects Releases Wiki Activity
Files
d27d120401dba7168da4cd49a153e8146437b540
blue-team-tools/rules-emerging-threats
T
History
Swachchhanda Shrawan Poudel aecbc1563c Merge PR #5387 from @swachchhanda000 - SAP NetWeaver Webshell 
new: Potential SAP NetWeaver Webshell Creation - Linux
new: Potential SAP NetWeaver Webshell Creation
new: Suspicious Child Process of SAP NetWeaver - Linux
new: Suspicious Child Process of SAP NetWeaver
2025-10-01 12:57:42 +02:00
..
2010/Exploits/CVE-2010-5278
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
2014
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
2015/Exploits/CVE-2015-1641
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
2017
Merge PR #5451 from @frack113 - chore: cleanup metadata
2025-06-04 13:33:36 +02:00
2018
Merge PR #5418 from @frack113 - chore: 🧹 Update MITRE V17 DLL tags
2025-05-15 12:17:10 +02:00
2019
Merge PR #5473 from @frack113 - chore: add ET and TH tags
2025-06-12 10:21:24 +02:00
2020
Merge PR #5473 from @frack113 - chore: add ET and TH tags
2025-06-12 10:21:24 +02:00
2021
Merge PR #5473 from @frack113 - chore: add ET and TH tags
2025-06-12 10:21:24 +02:00
2022
Merge PR #5630 from @phantinuss - Revert "chore: improve windash order in modifiers"
2025-08-28 20:11:57 +02:00
2023
Merge PR #5602 from @Neo23x0 - FPs with mknod
2025-10-01 11:28:58 +02:00
2024
Merge PR #5477 from @phantinuss - chore: update MITRE tag t1219 to t1219.002
2025-06-13 10:00:52 +02:00
2025
Merge PR #5387 from @swachchhanda000 - SAP NetWeaver Webshell
2025-10-01 12:57:42 +02:00
README.md
chore: move rules to new folders (#4205)
2023-05-02 23:17:57 +02:00

README.md

Emerging Threats Rules

This folder contains rules that belongs to the "emerging-threats" category of SIGMA. This category aims to cover specific threats that are timely and relevant for certain periods of time. These threats include specific APT campaigns, exploitation of Zero-Day vulnerabilities, specific malware used during an attack,...etc.

The folder structure is split by year and every folder can contain two sub-folders

  • Exploits: Contains specific rules that cover exploitation of vulnerabilities.
  • Malware: Contains specific rules that cover malware, ransomware and any type of suspicious software used by Threat Actors or malicious actors
  • TA: Contains specific rules that cover APT, Threat Actor and malware activities.
Reference in New Issue View Git Blame Copy Permalink