
feat: Shai-Hulud: The Second Coming Rules

Open swachchhanda000 opened this issue 1 month ago • 0 comments

Summary of the Pull Request

Changelog

  • new: Shai-Hulud Malware Indicators - Github
  • new: Shai-Hulud Malware Indicators - Linux
  • new: Shai-Hulud Malware Indicators
  • new: Shai-Hulud Malicious Bun Execution - Linux
  • new: Shai-Hulud Malicious Bun Execution
  • new: Script Interpreter Spawning Credential Scanner - Windows
  • new: Script Interpreter Spawning Credential Scanner
  • new: Shai-Hulud 2.0 Malicious NPM Package Installation - Linux
  • new: Shai-Hulud 2.0 Malicious NPM Package Installation
  • update: Shai-Hulud Malicious GitHub Workflow Creation - add more shai-hulud associated workflows
  • update: Shai-Hulud NPM Attack GitHub Activity - add more shai-hulud associated workflows

Example Log Event

Fixed Issues

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

swachchhanda000 avatar Nov 25 '25 15:11 swachchhanda000

@ryankeairns Please make sure to fill out the PR description as that will help us track information properly.

What I'd suggest to add:

  • "Why are we making this change?"
    • something like "UI updates: modernizes the overall feel by reducing the spacing and making components less floating"
  • Screenshots
    • screenshots of before and after for the updated components to show the changes
  • Impact to users
    • 🟢 No updates required on user side. ℹ️ Snapshot tests might require updates due to the updated Emotion class names.

mgadewoll avatar Dec 10 '25 13:12 mgadewoll

Oops, I forgot to update the PR description. I left this in Draft for so long :)

Thanks for the review, I will clean this and changelog up.

ryankeairns avatar Dec 10 '25 17:12 ryankeairns

ℹ️ After checking the VRT updates, I noticed an unrelated change on EuiFlyoutMenu that needed a bit of tweaking to ensure the VRT image is meaningful. I added the changes here (test(vrt): ensure EuiFlyoutMenu story is properly captured in VRT) for simplicity. I hope you don't mind.

mgadewoll avatar Dec 11 '25 12:12 mgadewoll

:green_heart: Build Succeeded

elasticmachine avatar Dec 11 '25 12:12 elasticmachine

:green_heart: Build Succeeded

elasticmachine avatar Dec 11 '25 13:12 elasticmachine

Thanks @mgadewoll !

ryankeairns avatar Dec 12 '25 16:12 ryankeairns