Commit 9576763
Sync Collecting Detection Rules: Fri May 15 04:29:55 UTC 2026
Signed-off-by: AboutCode Automation <automation@aboutcode.org>

1 parent 715f80a commit 9576763
112,252 files changed
Lines changed: 3984041 additions & 0 deletions
File tree
- data
- clamv
- sigma/006d8a4d6e3ea24949907ea9c22f1d5b06467ceaa9e35c49aa44866c854c8901
- other
- rules-compliance
- other
- product/qualys
- rules-emerging-threats
- 2010/Exploits/CVE-2010-5278
- 2014
- Exploits/CVE-2014-6287
- TA
- Axiom
- Turla
- 2015/Exploits/CVE-2015-1641
- 2017
- Exploits
- CVE-2017-0261
- CVE-2017-11882
- CVE-2017-8759
- Malware
- Adwind-RAT
- CosmicDuke
- Fireball
- Hancitor
- NotPetya
- PlugX
- StoneDrill
- WannaCry
- TA
- APT10
- Dragonfly
- Equation-Group
- Lazarus
- Pandemic
- Turla
- 2018
- Exploits
- CVE-2018-13379
- CVE-2018-15473
- CVE-2018-2894
- Malware/Elise-Backdoor
- TA
- APT27
- APT28
- APT29-CozyBear
- APT32-Oceanlotus
- MuddyWater
- OilRig
- Slingshot
- TropicTrooper
- 2019
- Exploits
- BearLPE-Exploit
- CVE-2019-0708
- CVE-2019-11510
- CVE-2019-1378
- CVE-2019-1388
- CVE-2019-14287
- CVE-2019-19781
- CVE-2019-3398
- Malware
- BabyShark
- Chafer
- Dridex
- Dtrack-RAT
- Emotet
- Formbook
- LockerGoga
- QBot
- Ryuk
- Snatch
- Ursnif
- TA
- APC-C-12
- APT31
- APT40
- Bear-APT-Activity
- EmpireMonkey
- EquationGroup
- MustangPanda
- Operation-Wocao
- 2020
- Exploits
- CVE-2020-0688
- CVE-2020-10148
- CVE-2020-10189
- CVE-2020-1048
- CVE-2020-1350
- CVE-2020-1472
- CVE-2020-14882
- CVE-2020-28188
- CVE-2020-3452
- CVE-2020-5902
- CVE-2020-8193
- Malware
- Blue-Mockingbird
- ComRAT
- Emotet
- FlowCloud
- Ke3chang-TidePool
- Maze
- Trickbot
- TA
- Evilnum
- GALLIUM
- Greenbug
- Lazarus
- Leviathan
- SolarWinds-Supply-Chain
- TAIDOOR-RAT
- Winnti
- 2021
- Exploits
- CVE-2021-1675
- CVE-2021-20090
- CVE-2021-2109
- CVE-2021-21972
- CVE-2021-21978
- CVE-2021-22005
- CVE-2021-22123
- CVE-2021-22893
- CVE-2021-26084
- CVE-2021-26814
- CVE-2021-26857
- CVE-2021-26858
- CVE-2021-27905
- CVE-2021-28480
- CVE-2021-33766
- CVE-2021-33771
- CVE-2021-35211
- CVE-2021-38647
- CVE-2021-4034
- CVE-2021-40444
- CVE-2021-40539
- CVE-2021-41379
- CVE-2021-41773
- CVE-2021-42237
- CVE-2021-42278
- CVE-2021-42287
- CVE-2021-42321
- CVE-2021-43798
- CVE-2021-44077
- CVE-2021-44228
- ProxyShell-Exploit
- RazerInstaller-LPE-Exploit
- SystemNightmare-Exploit
- VisualDoor-Exploit
- Malware
- BlackByte
- Conti
- DarkSide
- Devil-Bait
- FoggyWeb
- Goofy-Guineapig
- Moriya-Rootkit
- Netwire
- Pingback
- Small-Sieve
- TA
- HAFNIUM
- Kaseya-Supply-Chain
- PRIVATELOG
- SOURGUM
- UNC2546
- 2022
- Exploits
- CVE-2022-21554
- CVE-2022-21587
- CVE-2022-21919
- CVE-2022-22954
- CVE-2022-24527
- CVE-2022-26134
- CVE-2022-26809
- CVE-2022-27925
- CVE-2022-29072
- CVE-2022-29799
- CVE-2022-30190
- CVE-2022-31656
- CVE-2022-31659
- CVE-2022-33891
- CVE-2022-36804
- CVE-2022-37966
- CVE-2022-41082
- CVE-2022-41120
- CVE-2022-42475
- CVE-2022-44877
- CVE-2022-46169
- Malware
- BlueSky-Ransomware
- Bumblebee
- ChromeLoader
- Emotet
- Hermetic-Wiper
- Raspberry-Robin
- Serpent-Backdoor
- SocGholish
- TA
- ACTINIUM
- MERCURY
- 2023
- Exploits
- CVE-2023-1389
- CVE-2023-20198
- CVE-2023-21554
- CVE-2023-22518
- CVE-2023-2283
- CVE-2023-23397
- CVE-2023-23752
- CVE-2023-25157
- CVE-2023-25717
- CVE-2023-27363
- CVE-2023-27997
- CVE-2023-34362-MOVEit-Transfer-Exploit
- CVE-2023-36874
- CVE-2023-36884
- CVE-2023-38831
- CVE-2023-40477
- CVE-2023-43261
- CVE-2023-46214
- CVE-2023-46747
- CVE-2023-4966
- Windows-Server-Unknown-Exploit
- Malware
- COLDSTEEL
- DarkGate
- Griffon
- GuLoader
- IcedID
- Pikabot
- Qakbot
- Rhadamanthys
- Rorschach
- SNAKE
- Ursnif
- TA
- 3CX-Supply-Chain
- Cozy-Bear
- Diamond-Sleet
- EquationGroup
- FIN7
- Lace-Tempest
- Lazarus
- Mint-Sandstorm
- Mustang-Panda-Australia-Campaign
- Okta-Support-System-Breach
- Onyx-Sleet
- PaperCut-Print-Management-Exploitation
- Peach-Sandstorm
- UNC4841-Barracuda-ESG-Zero-Day-Exploitation
- 2024
- Exploits
- CVE-2024-1212
- CVE-2024-1708
- CVE-2024-1709
- CVE-2024-3094
- CVE-2024-3400
- CVE-2024-35250
- CVE-2024-37085
- CVE-2024-49113
- CVE-2024-50623
- Malware
- CSharp-Streamer
- DarkGate
- Generic
- KamiKakaBot
- Lummac-Stealer
- Raspberry-Robin
- kapeka
- TA
- DPRK
- FIN7
- Forest-Blizzard
- SlashAndGrab-Exploitation-In-Wild
- 2025
- Exploits
- CVE-2025-10035
- CVE-2025-20333
- CVE-2025-24054
- CVE-2025-30406
- CVE-2025-31161
- CVE-2025-31324
- CVE-2025-32463
- CVE-2025-33053
- CVE-2025-40551
- CVE-2025-4427
- CVE-2025-49144
- CVE-2025-53770
- CVE-2025-54309
- CVE-2025-55182
- CVE-2025-57788
- CVE-2025-57790
- CVE-2025-57791
- CVE-2025-59287
- CVE_2025_4598
- Malware
- Atomic-MacOS-Stealer
- Grixba
- Katz-Stealer
- Shai-Hulud
- 2026
- Exploits
- CVE-2026-33829
- RedSun
- Malware/Axios-NPM-Compromise
- TA/TeamPCP
- rules-placeholder
- cloud
- aws/cloudtrail
- azure
- audit_logs
- signin_logs
- identity/okta
- windows
- builtin/security
- dns_query
- network_connection
- process_creation
- rules-threat-hunting
- cloud
- azure/signin_logs
- m365/audit
- okta
- linux
- file/file_event
- process_creation
- macos
- file/file_event
- process_creation
- network
- web/proxy_generic
- windows
- builtin
- appxdeployment_server
- firewall_as
- security
- account_management
- create_remote_thread
- file
- file_access
- file_change
- file_delete
- file_event
- file_rename
- image_load
- network_connection
- pipe_created
- powershell
- powershell_classic
- powershell_module
- powershell_script
- process_access
- process_creation
- registry
- registry_event
- registry_set
- rules
- application
- bitbucket/audit
- django
- github/audit
- jvm
- kubernetes/audit
- nodejs
- opencanary
- python
- rpc_firewall
- ruby
- spring
- sql
- velocity
- category
- antivirus
- database
- cloud
- aws/cloudtrail
- azure
- activity_logs
- audit_logs
- identity_protection
- privileged_identity_management
- signin_logs
- gcp
- audit
- gworkspace
- admin
- login
- m365
- audit
- exchange
- threat_detection
- threat_management
- identity
- cisco_duo
- okta
- onelogin
- linux
- auditd
- execve
- path
- service_stop
- syscall
- builtin
- clamav
- cron
- guacamole
- sshd
- syslog
- vsftpd
- file_event
- network_connection
- process_creation
- macos
- file_event
- process_creation
- network
- cisco
- aaa
- bgp
- ldp
- dns
- firewall
- fortinet/fortigate
- huawei/bgp
- juniper/bgp
- zeek
- web
- product
- apache
- nginx
- proxy_generic
- webserver_generic
- windows
- builtin
- application
- Other
- application_error
- esent
- microsoft-windows_audit_cve
- microsoft_windows_backup
- microsoft_windows_software_restriction_policies
- msiinstaller
- mssqlserver
- screenconnect
- windows_error_reporting
- applocker
- appmodel_runtime
- appxdeployment_server
- appxpackaging_om
- bits_client
- capi2
- certificate_services_client_lifecycle_system
- code_integrity
- diagnosis/scripted
- dns_client
- dns_server
- driverframeworks
- firewall_as
- iis-configuration
- ldap
- lsa_server
- msexchange
- ntlm
- openssh
- security_mitigations
- security
- account_management
- object_access
- servicebus
- shell_core
- smbclient/security
- smbserver/connectivity
- system
- application_popup
- lsasrv
- microsoft_windows_Iphlpsvc
- microsoft_windows_certification_authority
- microsoft_windows_dhcp_server
- microsoft_windows_distributed_com
- microsoft_windows_eventlog
- microsoft_windows_kerberos_key_distribution_center
- microsoft_windows_kernel_general
- microsoft_windows_ntfs
- microsoft_windows_wer_systemerrorreporting
- microsoft_windows_windows_update_client
- netlogon
- ntfs
- service_control_manager
- taskscheduler
- terminalservices
- windefend
- wmi
- create_remote_thread
- create_stream_hash
- dns_query
- driver_load
- file
- file_access
- file_change
- file_delete
- file_event
- file_executable_detected
- file_rename
- image_load
- network_connection
- pipe_created
- powershell
- powershell_classic
- powershell_module
- powershell_script
- process_access
- process_creation
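The tree above follows a fixed layout: top-level collections (rules, rules-emerging-threats, rules-threat-hunting, rules-placeholder, rules-compliance), with rules-emerging-threats further organised as year / Exploits|Malware|TA / name. A sync of this size is where naming drift creeps in (compare CVE_2025_4598 under 2025/Exploits with the hyphenated CVE directories elsewhere, or the lower-case kapeka under 2024/Malware). The following linter is an added example, not part of this commit, the AboutCode sync, or the Sigma project; the sample paths are constructed from entries visible in the file tree (the hashed sigma/<sha256> component is dropped for brevity), and the regexes encode the pattern the tree itself shows rather than any official convention.

```python
"""Lint the directory layout of a synced detection-rule tree.

Added example; constructed from the file-tree entries shown on the commit
page, not code from the AboutCode sync or the Sigma project.
"""
import re
from collections import Counter

# Constructed sample: directory paths as they appear in the commit file tree
# (sigma/<sha256> component omitted).
SAMPLE_PATHS = [
    "data/sigma/rules-emerging-threats/2021/Exploits/CVE-2021-44228",
    "data/sigma/rules-emerging-threats/2023/Exploits/CVE-2023-34362-MOVEit-Transfer-Exploit",
    "data/sigma/rules-emerging-threats/2025/Exploits/CVE_2025_4598",
    "data/sigma/rules-emerging-threats/2024/Malware/kapeka",
    "data/sigma/rules-emerging-threats/2026/TA/TeamPCP",
    "data/sigma/rules/windows/process_creation",
    "data/sigma/rules-threat-hunting/linux/process_creation",
    "data/sigma/rules-placeholder/windows/dns_query",
    "data/sigma/rules-compliance/other",
]

# Top-level rule collections visible in the tree.
COLLECTIONS = {
    "rules", "rules-emerging-threats", "rules-threat-hunting",
    "rules-placeholder", "rules-compliance",
}

# Emerging-threats layout as shown in the tree: <year>/<Exploits|Malware|TA>/<name>
ET_RE = re.compile(r"^(?P<year>\d{4})/(?P<kind>Exploits|Malware|TA)/(?P<name>[^/]+)$")
# Canonical CVE directory name used by almost every entry: CVE-YYYY-NNNN[-suffix...]
CVE_OK_RE = re.compile(r"^CVE-\d{4}-\d{4,}(-[A-Za-z0-9]+)*$")
# Anything that looks like a CVE id, including underscore or lower-case variants
CVE_LIKE_RE = re.compile(r"^CVE[-_]\d{4}[-_]\d{4,}", re.IGNORECASE)


def split_path(path):
    """Return (collection, path relative to the collection) or None if no
    known collection appears in the path."""
    parts = path.split("/")
    for i, part in enumerate(parts):
        if part in COLLECTIONS:
            return part, "/".join(parts[i + 1:])
    return None


def lint_path(path):
    """Return a list of findings (strings) for one directory path."""
    split = split_path(path)
    if split is None:
        return [f"{path}: not under a known rule collection"]
    collection, rel = split
    findings = []
    if collection == "rules-emerging-threats":
        m = ET_RE.match(rel)
        if not m:
            return [f"{path}: does not match <year>/<Exploits|Malware|TA>/<name>"]
        name = m.group("name")
        # Exploit directories named after a CVE must use the hyphenated form.
        if m.group("kind") == "Exploits" and CVE_LIKE_RE.match(name) and not CVE_OK_RE.match(name):
            findings.append(f"{path}: CVE directory '{name}' is not in CVE-YYYY-NNNN form")
        # Heuristic style check: every other name in the tree is capitalised.
        if name[:1].islower():
            findings.append(f"{path}: name '{name}' does not start with an upper-case letter")
    return findings


def lint_tree(paths):
    """Lint every path; return {path: findings} for paths that have findings."""
    result = {}
    for p in paths:
        f = lint_path(p)
        if f:
            result[p] = f
    return result


def summarize(paths):
    """Count directories per collection, useful for eyeballing a large sync."""
    counts = Counter()
    for p in paths:
        s = split_path(p)
        if s:
            counts[s[0]] += 1
    return dict(counts)


if __name__ == "__main__":
    for path, findings in lint_tree(SAMPLE_PATHS).items():
        for f in findings:
            print(f)
    print(summarize(SAMPLE_PATHS))
```

Run against a real checkout by replacing SAMPLE_PATHS with the output of a directory walk; the two checks above are deliberately narrow (emerging-threats naming only) so they can be added to a sync job without rejecting the existing layout of the other collections.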