This folder contains rules that belongs to the “emerging-threats” category of SIGMA. This category aims to cover specific threats that are timely and relevant for certain periods of time. These threats include specific APT campaigns, exploitation of Zero-Day vulnerabilities, specific malware used during an attack,…etc.
The folder structure is split by year and every folder can contain two sub-folders
Exploits: Contains specific rules that cover exploitation of vulnerabilities.Malware: Contains specific rules that cover malware, ransomware and any type of suspicious software used by Threat Actors or malicious actorsTA: Contains specific rules that cover APT, Threat Actor and malware activities.