Assorted, MIT licensed, threat hunting rules from @bradleyjkemp
apfell/
: Sigma rules for detecting the Apfell (https://github.com/its-a-feature/Mythic) macOS implant:
- Temporary keychain file created on Apfell agent launch as part of its session key generation implementation
- IOCs for a couple of the agent functions built into the standard Apfell payload