├── sigma ├── APT │ └── APT29 │ │ └── detection.yml ├── CVE │ └── CVE-2022-34713.yaml ├── Spring4Shell.yaml ├── T1005 │ └── ram_capture.yml ├── T1049 │ ├── README.txt │ └── wifi_enumeration.yaml ├── T1190 │ ├── CVE-2024-40711.yaml │ └── README.txt ├── T1543.001 │ ├── launchagent.yml │ └── readme.txt ├── T1543.003 │ ├── APT │ │ └── deeppanda.yaml │ ├── ransomware │ │ └── PDQRunner.yaml │ └── readme.txt ├── T1548.002 │ ├── UAC_bypass_by_registry_set.yaml │ └── readme.txt ├── T1570 │ ├── malware │ │ └── CobaltStrike │ │ │ └── CSAK_default_binaries_named_pipe.yaml │ └── readme.txt ├── T1574.001 │ ├── readme.txt │ └── shadowpad_dropped_dll_loader.yaml ├── T1574.012 │ ├── cor_profiler_via_cmdline.yml │ └── readme.txt ├── TA0002 │ ├── ransomware │ │ └── PDQRunner.yaml │ └── readme.txt ├── attack.t1059.008 │ └── CISA_AA25-239A.yaml ├── emotet │ └── 12_2020 │ │ └── sigma.yaml ├── t1059 │ ├── CVE-2023-38831.yaml │ └── README.txt ├── t1068 │ └── CVE-2025-53136.yml ├── t1105 │ ├── MSSQL_BCP_Utility_Abuse.yaml │ └── readme.txt ├── t1218.011 │ ├── README.txt │ └── qbot_Dec_2023.yaml └── t1562.001 │ ├── README.txt │ └── crond.yml ├── suricata ├── InfamousChisel.rules └── qbot_dec_2023.rules └── yara ├── APT └── Wiper │ └── ZeroCleare.yar ├── CVE-2021-27065.yar ├── HetropoRyuk.yar ├── SevenZip_LZMA_RCNORM_BF_EXPLOIT.yar ├── generic └── nirsoft.yar ├── loaders └── darkgate.yar ├── ransomware ├── ESXiArgs.yar └── blackbasta │ └── yara.yar ├── scienron └── Scarab_Scieron_928322_10913.yar └── spyware └── triangleDB.yar /sigma/APT/APT29/detection.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/APT/APT29/detection.yml -------------------------------------------------------------------------------- /sigma/CVE/CVE-2022-34713.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/CVE/CVE-2022-34713.yaml -------------------------------------------------------------------------------- /sigma/Spring4Shell.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/Spring4Shell.yaml -------------------------------------------------------------------------------- /sigma/T1005/ram_capture.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1005/ram_capture.yml -------------------------------------------------------------------------------- /sigma/T1049/README.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1049/README.txt -------------------------------------------------------------------------------- /sigma/T1049/wifi_enumeration.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1049/wifi_enumeration.yaml -------------------------------------------------------------------------------- /sigma/T1190/CVE-2024-40711.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1190/CVE-2024-40711.yaml -------------------------------------------------------------------------------- /sigma/T1190/README.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1190/README.txt -------------------------------------------------------------------------------- /sigma/T1543.001/launchagent.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1543.001/launchagent.yml -------------------------------------------------------------------------------- /sigma/T1543.001/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1543.001/readme.txt -------------------------------------------------------------------------------- /sigma/T1543.003/APT/deeppanda.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1543.003/APT/deeppanda.yaml -------------------------------------------------------------------------------- /sigma/T1543.003/ransomware/PDQRunner.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1543.003/ransomware/PDQRunner.yaml -------------------------------------------------------------------------------- /sigma/T1543.003/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1543.003/readme.txt -------------------------------------------------------------------------------- /sigma/T1548.002/UAC_bypass_by_registry_set.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1548.002/UAC_bypass_by_registry_set.yaml -------------------------------------------------------------------------------- /sigma/T1548.002/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1548.002/readme.txt -------------------------------------------------------------------------------- /sigma/T1570/malware/CobaltStrike/CSAK_default_binaries_named_pipe.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1570/malware/CobaltStrike/CSAK_default_binaries_named_pipe.yaml -------------------------------------------------------------------------------- /sigma/T1570/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1570/readme.txt -------------------------------------------------------------------------------- /sigma/T1574.001/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1574.001/readme.txt -------------------------------------------------------------------------------- /sigma/T1574.001/shadowpad_dropped_dll_loader.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1574.001/shadowpad_dropped_dll_loader.yaml -------------------------------------------------------------------------------- /sigma/T1574.012/cor_profiler_via_cmdline.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1574.012/cor_profiler_via_cmdline.yml -------------------------------------------------------------------------------- /sigma/T1574.012/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/T1574.012/readme.txt -------------------------------------------------------------------------------- /sigma/TA0002/ransomware/PDQRunner.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/TA0002/ransomware/PDQRunner.yaml -------------------------------------------------------------------------------- /sigma/TA0002/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/TA0002/readme.txt -------------------------------------------------------------------------------- /sigma/attack.t1059.008/CISA_AA25-239A.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/attack.t1059.008/CISA_AA25-239A.yaml -------------------------------------------------------------------------------- /sigma/emotet/12_2020/sigma.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/emotet/12_2020/sigma.yaml -------------------------------------------------------------------------------- /sigma/t1059/CVE-2023-38831.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/t1059/CVE-2023-38831.yaml -------------------------------------------------------------------------------- /sigma/t1059/README.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/t1059/README.txt -------------------------------------------------------------------------------- /sigma/t1068/CVE-2025-53136.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/t1068/CVE-2025-53136.yml -------------------------------------------------------------------------------- /sigma/t1105/MSSQL_BCP_Utility_Abuse.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/t1105/MSSQL_BCP_Utility_Abuse.yaml -------------------------------------------------------------------------------- /sigma/t1105/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/t1105/readme.txt -------------------------------------------------------------------------------- /sigma/t1218.011/README.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/t1218.011/README.txt -------------------------------------------------------------------------------- /sigma/t1218.011/qbot_Dec_2023.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/t1218.011/qbot_Dec_2023.yaml -------------------------------------------------------------------------------- /sigma/t1562.001/README.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/t1562.001/README.txt -------------------------------------------------------------------------------- /sigma/t1562.001/crond.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/sigma/t1562.001/crond.yml -------------------------------------------------------------------------------- /suricata/InfamousChisel.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/suricata/InfamousChisel.rules -------------------------------------------------------------------------------- /suricata/qbot_dec_2023.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/suricata/qbot_dec_2023.rules -------------------------------------------------------------------------------- /yara/APT/Wiper/ZeroCleare.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/yara/APT/Wiper/ZeroCleare.yar -------------------------------------------------------------------------------- /yara/CVE-2021-27065.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/yara/CVE-2021-27065.yar -------------------------------------------------------------------------------- /yara/HetropoRyuk.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/yara/HetropoRyuk.yar -------------------------------------------------------------------------------- /yara/SevenZip_LZMA_RCNORM_BF_EXPLOIT.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/yara/SevenZip_LZMA_RCNORM_BF_EXPLOIT.yar -------------------------------------------------------------------------------- /yara/generic/nirsoft.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/yara/generic/nirsoft.yar -------------------------------------------------------------------------------- /yara/loaders/darkgate.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/yara/loaders/darkgate.yar -------------------------------------------------------------------------------- /yara/ransomware/ESXiArgs.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/yara/ransomware/ESXiArgs.yar -------------------------------------------------------------------------------- /yara/ransomware/blackbasta/yara.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/yara/ransomware/blackbasta/yara.yar -------------------------------------------------------------------------------- /yara/scienron/Scarab_Scieron_928322_10913.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/yara/scienron/Scarab_Scieron_928322_10913.yar -------------------------------------------------------------------------------- /yara/spyware/triangleDB.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/edelucia/rules/HEAD/yara/spyware/triangleDB.yar --------------------------------------------------------------------------------