MalChain Detections GitHub

MalChain

A behaviour-centric malware kill-chain framework. Six phases, 52 techniques, each mapped to ready-to-run KQL and YARA detections.

6
Phases
52
Techniques
52
KQL Rules
30
YARA Rules

The kill chain

Each phase consumes the outputs of the previous one — from initial access to final impact. Pick a phase to drill into its techniques and detections.