Detection Rules

Auto-generated Sigma, YARA, and Suricata rules from honeypot observations

Total Rules: 6
Active: 4
Sigma: 4
YARA: 1
Suricata: 1
Auto-Generated: 6
Total Hits: 540
Reconnaissance: Active Network Scanning
Type: Sigma | Status: active | Severity: medium | Source: auto-generated | Version: v3 | Hits: 127

Detects active network scanning patterns observed in the honeypot targeting smart home devices.

ATT&CK: T1595, T1595.001
Tags: #reconnaissance #network-scan #smart-home
Exploitation: Command Injection via IoT Protocol
Type: Sigma | Status: active | Severity: critical | Source: auto-generated | Version: v5 | Hits: 89

Detects command injection attempts carried in CoAP/MQTT payloads.

ATT&CK: T1190, T1059.004
Tags: #exploitation #command-injection #iot
Malware: Mirai Variant Detection
Type: YARA | Status: active | Severity: critical | Source: auto-generated | Version: v2 | Hits: 34

YARA rule for detecting Mirai botnet variant payloads.

ATT&CK: T1059.004, T1570
Tags: #malware #mirai #botnet (+1 more, not shown on the page)
Lateral Movement: Internal Network Probe
Type: N (by the rule totals above, this is the page's one Suricata rule) | Status: active | Severity: high | Source: auto-generated | Version: v4 | Hits: 56

Detects lateral movement attempts originating from compromised IoT devices.

ATT&CK: T1570, T1087
Tags: #lateral-movement #network #iot
Credential Theft: Default Password Attempt
Type: Sigma | Status: draft | Severity: high | Source: auto-generated | Version: v1 | Hits: 0

Detects attempts to authenticate with known default IoT credentials.

ATT&CK: T1078, T1110
Tags: #credential-theft #default-creds #authentication
Discovery: Account Enumeration
Type: Sigma | Status: disabled | Severity: low | Source: auto-generated | Version: v2 | Hits: 234

Detects account enumeration attempts via API endpoints.

ATT&CK: T1087
Tags: #discovery #enumeration #api