This repo serves as a home for detection content developed by the delivr.to team.
All rules present in this repo have corresponding payloads (linked in references and shown below) that can be used to test detection content.
The repo currently holds the following types of detections:
Below is the list of rules for Sublime Security, organised into General and Threat Intel-specific folders.
You can also integrate delivr.to directly with Sublime as mentioned here and documented here.
Below is the list of Yara rules in the repo.
Rule Name | Type | Payload |
---|---|---|
SUSP_HTML_WASM_Smuggling | General | |
SUSP_HTML_B64_WASM_Blob | General | |
SUSP_ZPAQ_Archive_Nov23 | General | |
SUSP_PDF_MHT_ActiveMime_Sept23 | General | |
SUSP_SVG_Onload_Onerror_Jul23 | General | |
SUSP_OneNote_Repeated_FileDataReference_Feb23 | Threat Intel | |
SUSP_OneNote_RTLO_Character_Feb23 | Threat Intel | |
SUSP_OneNote_Win_Script_Encoding_Feb23 | Threat Intel | |
SUSP_msg_CVE_2023_23397_Mar23 | Threat Intel | |
SUSP_CONCAT_ZIP_Nov24 | Threat Intel | |
SUSP_SVG_ForeignObject_Nov24 | Threat Intel | |
Below is the list of Sigma rules in the repo.
Rule Name | Type | Payload |
---|---|---|
PDF HTML Smuggling | Threat Intel | |