This repository contains a collection of detection rules for threat hunting and malware detection. Most of the samples used for analysis and rule development are sourced from Abuse.ch and other public resources, including red team simulation tools. The primary goal of this repository is to develop detection rules that are accurate (low false-positive rate against benign files), performant (cheap to evaluate at scale), and kept as small as possible.
Malware families currently covered, grouped by category:

- Botnet
  - Gafgyt
  - Kaiten
  - Mirai
  - Mozi
  - PerlBot
- RAT
  - AsyncRAT
  - NanoCore RAT
  - NjRAT