Overview
This section contains detection logic for SIEM/EDR platforms, including Sigma and YARA rules.
Rules are mapped to MITRE ATT&CK techniques for triage and hunting.
Available Detections
March 2026
- Detection Rules - ZeroTrace Multi-Family MaaS Operation (Open Directory 74.0.42.25)
- Detection Rules - Sliver C2 / ScareCrow Loader Open Directory Kit (45.94.31.220)
February 2026
- Webserver Compromise Kit 91.236.230.250
- Detection Rules - Remcos RAT OpenDirectory Campaign
- NsMiner Cryptojacker - Detection Rules
January 2026
- Arsenal-237 New Files: full_test_enc.exe (Advanced Rust Ransomware)
- Arsenal-237 New Files: new_enc.exe (Human-Operated Rust Ransomware)
- Arsenal-237 New Files: dec_fixed.exe (Ransomware Decryptor)
- Arsenal-237 New Files: enc_c2.exe (Rust Ransomware with Tor C2)
- Arsenal-237 New Files: chromelevator.exe (Browser Credential Theft)
- Arsenal-237 New Files: nethost.dll (DLL Hijacking Persistence)
- Arsenal-237 New Files: rootkit.dll (Kernel-Mode Rootkit)
- Arsenal-237 New Files: BdApiUtil64.sys (Vulnerable Baidu Driver)
- Arsenal-237 New Files: lpe.exe (Privilege Escalation)
- Arsenal-237 New Files: killer_crowdstrike.dll (CrowdStrike-Specific Termination)
- Arsenal-237 New Files: killer.dll (BYOVD Process Termination)
- Arsenal-237: enc/dec Ransomware Family
- Arsenal-237: uac_test.exe
- Arsenal-237: FleetAgentFUD.exe
- Arsenal-237: FleetAgentAdvanced.exe
- Arsenal-237: agent_xworm_v2.exe (XWorm RAT v2.4.0)
- Arsenal-237: agent_xworm.exe (XWorm RAT v6)
- Arsenal-237: agent.exe (PoetRAT)
December 2025
- Detection Rules - Dual-RAT Analysis: Pulsar RAT vs. NjRAT/XWorm
- Detection Rules - PULSAR RAT (server.exe)
November 2025
- Hybrid Loader/Stealer Ecosystem Masquerading as Sogou
- Houselet.exe - The Go-Based Loader Masquerading as PlayStation Remote Play
October 2025
Usage
- Deploy Sigma/YARA rules in your SIEM/EDR.
- Map detections to ATT&CK techniques for triage.
- Adapt rules for your environment’s telemetry sources.
License
Detection rules are licensed under Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0).
They are free to use in your environment, but not for commercial purposes.