anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1ad15470a17eef15fff9f9eb4fca380c31613609
DECNET/rules/ttp
History
anti 1ad15470a1 feat(ttp): E.3.8 R0041-R0048 email cohort 
8 YAMLs for the email cohort per Appendix B: open-relay abuse,
mass phishing, phishing-kit X-Mailer signatures, IDN/punycode
URLs, sender masquerade, malicious attachment, BEC, encoded
payload in body. EmailLifter (E.3.12) consumes by rule_id.

test_email_rules.py: YAML-present + inert-in-v0 + xfail(strict)
precision case gated on E.3.12.
2026-05-01 09:19:56 -04:00
..
R0001.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0002.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0003.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0004.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0005.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0006.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0007.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0008.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0009.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0010.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0011.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0012.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0013.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0014.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0015.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0016.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0017.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0018.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0019.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0020.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0021.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0022.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0023.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0024.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0025.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0026.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0027.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0028.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0029.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0030.yaml
feat(ttp): E.3.8 R0001-R0030 command cohort
2026-05-01 09:16:38 -04:00
R0031.yaml
feat(ttp): E.3.8 R0031-R0040 behavioral cohort
2026-05-01 09:18:27 -04:00
R0032.yaml
feat(ttp): E.3.8 R0031-R0040 behavioral cohort
2026-05-01 09:18:27 -04:00
R0033.yaml
feat(ttp): E.3.8 R0031-R0040 behavioral cohort
2026-05-01 09:18:27 -04:00
R0034.yaml
feat(ttp): E.3.8 R0031-R0040 behavioral cohort
2026-05-01 09:18:27 -04:00
R0035.yaml
feat(ttp): E.3.8 R0031-R0040 behavioral cohort
2026-05-01 09:18:27 -04:00
R0036.yaml
feat(ttp): E.3.8 R0031-R0040 behavioral cohort
2026-05-01 09:18:27 -04:00
R0037.yaml
feat(ttp): E.3.8 R0031-R0040 behavioral cohort
2026-05-01 09:18:27 -04:00
R0038.yaml
feat(ttp): E.3.8 R0031-R0040 behavioral cohort
2026-05-01 09:18:27 -04:00
R0039.yaml
feat(ttp): E.3.8 R0031-R0040 behavioral cohort
2026-05-01 09:18:27 -04:00
R0040.yaml
feat(ttp): E.3.8 R0031-R0040 behavioral cohort
2026-05-01 09:18:27 -04:00
R0041.yaml
feat(ttp): E.3.8 R0041-R0048 email cohort
2026-05-01 09:19:56 -04:00
R0042.yaml
feat(ttp): E.3.8 R0041-R0048 email cohort
2026-05-01 09:19:56 -04:00
R0043.yaml
feat(ttp): E.3.8 R0041-R0048 email cohort
2026-05-01 09:19:56 -04:00
R0044.yaml
feat(ttp): E.3.8 R0041-R0048 email cohort
2026-05-01 09:19:56 -04:00
R0045.yaml
feat(ttp): E.3.8 R0041-R0048 email cohort
2026-05-01 09:19:56 -04:00
R0046.yaml
feat(ttp): E.3.8 R0041-R0048 email cohort
2026-05-01 09:19:56 -04:00
R0047.yaml
feat(ttp): E.3.8 R0041-R0048 email cohort
2026-05-01 09:19:56 -04:00
R0048.yaml
feat(ttp): E.3.8 R0041-R0048 email cohort
2026-05-01 09:19:56 -04:00