rule bulwark_https_bulwarkblack_com_sap_netweaver_critical_zero_day_cve_2025_31324_under_active_explo
{
    meta:
        author = "Bulwark Black LLC"
        source = "https://bulwarkblack.com/sap-netweaver-critical-zero-day-cve-2025-31324-under-active-exploitation-by-initial-access-brokers/"
        description = "Auto-extracted indicators. Verify before use; not a behavioral detection rule."
        generated = "2026-07-15T22:56:57Z"
        tlp = "TLP:CLEAR"
        indicator_count = "1"
    strings:
        $s0 = "lucian_constantin@foundryco.com" ascii wide nocase  // Email Addresses
    condition:
        any of ($s*)
}
