anpa1200/cti-detection-pack
# cti-detection-pack
Detection artifacts derived from CTI reports, malware-analysis output, and threat-hunting articles.
This repository exists to make the handoff explicit: `report -> hypothesis -> detection -> validation notes`.
## Minimum Structure
```text
cti-detection-pack/
    sigma/
    yara/
    attack-navigator/
    iocs/
    hunts/
    references/
    validation/
```
## First Seed
Start with:
- Handala / Void Manticore.
- Sandworm / APT44.
- MuddyWater / Seedworm.
- APT41 / DragonRx.
- Android-Malware-Analysis YARA output.
- AIDebug YARA examples.
## Artifact Contract
| Artifact | Purpose |
|---|---|
| Sigma | SIEM-portable detection logic |
| YARA | File and malware-family detection seed |
| ATT&CK Navigator | Technique coverage visualization |
| IOC lists | Enrichment and blocking review |
| Hunt hypotheses | Analyst-driven investigation paths |
| Validation notes | Reproducibility and false-positive handling |
## Flagship Milestone
This becomes a flagship when at least one report has a complete detection package: Sigma, YARA, ATT&CK layer, IOC list, and validation notes.
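One way to enforce the Artifact Contract and the Flagship Milestone in CI, as an added example that is not part of this repository: a script that, for a given report slug, confirms every artifact type is present and applies a few sanity checks (Sigma top-level keys, ATT&CK layer technique IDs, a false-positive section in the validation notes). The README only names the top-level directories; the per-report file layout (`sigma/<slug>/*.yml`, `attack-navigator/<slug>.json`, and so on), the extra Sigma keys beyond the spec's required `title`/`logsource`/`detection`, and the fixture data are assumptions made for this example.

```python
"""Check that one report in a cti-detection-pack checkout has a complete
detection package: Sigma, YARA, ATT&CK layer, IOC list, validation notes.

Added example, not code from the repository. The per-report layout in
LAYOUT is an assumption; the README defines only the top-level directories.
"""
import json
import re
import tempfile
from pathlib import Path

# Assumed (hypothetical) placement of one report's artifacts, keyed by slug.
LAYOUT = {
    "sigma": "sigma/{slug}/*.yml",
    "yara": "yara/{slug}/*.yar",
    "attack-navigator": "attack-navigator/{slug}.json",
    "iocs": "iocs/{slug}.csv",
    "validation": "validation/{slug}.md",
}

# Sigma requires title/logsource/detection; the rest is a pack convention
# assumed here so that every rule ships with its own false-positive notes.
SIGMA_REQUIRED = {"title", "id", "logsource", "detection", "falsepositives", "level"}
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][\w-]*):")
TECHNIQUE_ID = re.compile(r"T\d{4}(\.\d{3})?")


def sigma_keys(text: str) -> set:
    """Collect top-level YAML keys without a YAML parser (column-0 keys only)."""
    keys = set()
    for line in text.splitlines():
        m = TOP_LEVEL_KEY.match(line)
        if m:
            keys.add(m.group(1))
    return keys


def check_package(root: Path, slug: str) -> list:
    """Return a list of problem strings; an empty list means the package is complete."""
    problems, files = [], {}
    for name, pattern in LAYOUT.items():
        glob = pattern.format(slug=slug)
        files[name] = sorted(root.glob(glob))
        if not files[name]:
            problems.append(f"{name}: no file matching {glob}")

    for rule in files["sigma"]:
        missing = SIGMA_REQUIRED - sigma_keys(rule.read_text())
        if missing:
            problems.append(f"sigma: {rule.name} missing {sorted(missing)}")

    for layer in files["attack-navigator"]:
        try:
            data = json.loads(layer.read_text())
        except json.JSONDecodeError as exc:
            problems.append(f"attack-navigator: {layer.name} is not JSON ({exc})")
            continue
        ids = [t.get("techniqueID") or "" for t in data.get("techniques", [])]
        if not ids or not all(TECHNIQUE_ID.fullmatch(i) for i in ids):
            problems.append(f"attack-navigator: {layer.name} has no valid techniqueID entries")

    for notes in files["validation"]:
        if "false positive" not in notes.read_text().lower():
            problems.append(f"validation: {notes.name} does not discuss false positives")
    return problems


# Constructed Sigma rule used only to build the fixture below (placeholder id).
SIGMA_OK = """title: Example rule
id: 00000000-0000-0000-0000-000000000000
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        Image|endswith: '\\\\example.exe'
    condition: selection
falsepositives:
    - Administrative use
level: medium
"""


def build_fixture(root: Path) -> None:
    """Write a constructed two-report checkout: 'complete' passes, 'partial' fails."""
    def put(rel: str, text: str) -> None:
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

    put("sigma/complete/rule.yml", SIGMA_OK)
    put("yara/complete/family.yar", "rule placeholder { condition: false }")
    put("attack-navigator/complete.json", json.dumps({"techniques": [{"techniqueID": "T1059.001"}]}))
    put("iocs/complete.csv", "type,value\n")
    put("validation/complete.md", "# Validation\n\nFalse positive review: none observed in lab.\n")
    # 'partial': no YARA, Sigma without falsepositives, empty layer, no FP notes.
    put("sigma/partial/rule.yml", SIGMA_OK.replace("falsepositives:\n    - Administrative use\n", ""))
    put("attack-navigator/partial.json", json.dumps({"techniques": []}))
    put("iocs/partial.csv", "type,value\n")
    put("validation/partial.md", "# Validation\n\nTODO\n")


def run_demo() -> dict:
    """Build the fixture in a temp dir and return {slug: problems}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_fixture(root)
        return {slug: check_package(root, slug) for slug in ("complete", "partial")}


if __name__ == "__main__":
    for slug, problems in run_demo().items():
        print(f"{slug}: {'complete' if not problems else problems}")
```

Run it against a real checkout with `check_package(Path("."), "<slug>")`; a non-empty result is the list of gaps between the report and the milestone. The YAML key scan is deliberately shallow so the check has no third-party dependency; swap in a real Sigma validator (for example `sigma-cli`) once rules are being converted for a SIEM.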