This repository contains a collection of threat hunting rules. The majority of the samples used for analysis and rule development are sourced from Abuse.ch and other public resources, including red team simulation tools. The primary goal of this repository is to develop a collection of threat hunting rules that are accurate, performant, and optimized for minimal rule size.
- Botnet
  - Gafgyt
  - Kaiten
  - Mirai
  - Mozi
  - PerlBot Botnet
- RAT
  - AsyncRAT
  - NanoCore RAT
  - NjRAT
- Ransomware
  - Limpopo