
Summary
This detection rule monitors GitHub repository creation events for an identifier tied to the supply chain campaign known as 'Sha1-Hulud 2.0'. It triggers when a repository is created whose description is exactly 'Sha1-Hulud: The Second Coming.'; that string is treated as an indicator of compromise (IoC). Because the comparison is an exact string match, a description that differs only in case, spacing or punctuation will not trigger the rule, so analysts should not rely on it to catch variants. The rule is rated high severity because a match points to active supply chain tooling operating under a GitHub account, with direct implications for software integrity. When it fires, the response actions are to investigate the repository and its contents, review the owning account for signs of compromise, and notify the relevant security personnel. The accompanying runbook describes the immediate response and the follow-up investigation needed to contain the activity and limit further abuse by the threat actor.
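The matching logic described above, run over a few constructed repository events, as an added example that is not the rule's own implementation. The event shape (an "action" field plus "repository.full_name", "repository.description" and "sender.login") is modelled loosely on a GitHub "repository" webhook payload and is an assumption; the sample JSON lines are constructed for the example. The rule's severity and ATT&CK technique are attached to each match so the output can be handed straight to the response steps listed in the summary.

```python
import json

# Exact IoC string from the rule. The comparison is an exact match, so the
# trailing period and capitalisation must be reproduced as-is.
IOC_DESCRIPTION = "Sha1-Hulud: The Second Coming."

# Rule metadata from the page, attached to every match.
RULE_SEVERITY = "high"
RULE_TECHNIQUE = "T1195.002"

# Constructed sample events (one JSON object per line). Field names are an
# assumption modelled on a GitHub "repository" webhook payload, not the rule's
# own data model. Cases covered: a benign repo, an exact IoC match, the IoC on
# an edit (not a creation), a case-variant description, and a null description.
SAMPLE_JSONL = "\n".join([
    json.dumps({"action": "created", "repository": {"full_name": "alice/notes", "description": "Personal notes"}, "sender": {"login": "alice"}}),
    json.dumps({"action": "created", "repository": {"full_name": "bob/x7f3a", "description": "Sha1-Hulud: The Second Coming."}, "sender": {"login": "bob"}}),
    json.dumps({"action": "edited", "repository": {"full_name": "carol/tool", "description": "Sha1-Hulud: The Second Coming."}, "sender": {"login": "carol"}}),
    json.dumps({"action": "created", "repository": {"full_name": "dave/y", "description": "sha1-hulud: the second coming"}, "sender": {"login": "dave"}}),
    json.dumps({"action": "created", "repository": {"full_name": "eve/z", "description": None}, "sender": {"login": "eve"}}),
])


def is_sha1hulud_repo_create(event):
    """True only for a repository *creation* whose description equals the IoC exactly."""
    if event.get("action") != "created":
        return False
    repo = event.get("repository") or {}
    # A missing or null description is simply not a match; never raise here.
    return repo.get("description") == IOC_DESCRIPTION


def build_alert(event):
    """Attach rule metadata and the response actions from the summary to a matching event."""
    return {
        "rule": "Sha1-Hulud 2.0 repository description IoC",
        "severity": RULE_SEVERITY,
        "technique": RULE_TECHNIQUE,
        "repository": event["repository"]["full_name"],
        "actor": event["sender"]["login"],
        "next_steps": [
            "investigate the repository and its contents",
            "review the owning account for signs of compromise",
            "notify security personnel",
        ],
    }


def scan_jsonl(text):
    """Parse JSON-lines input, skipping malformed lines, and return alerts for matches."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: ignore rather than abort the whole scan
        if is_sha1hulud_repo_create(event):
            alerts.append(build_alert(event))
    return alerts


if __name__ == "__main__":
    for alert in scan_jsonl(SAMPLE_JSONL):
        print(json.dumps(alert, indent=2))
```

Only the second sample line produces an alert: the edited repository is not a creation event, and the lower-case variant fails the exact comparison. That last case is the rule's blind spot; if broader coverage is wanted, a normalised or substring comparison should be added as a separate, lower-confidence rule rather than by loosening this exact-match IoC.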
Categories
- Cloud
- Web
- Application
Data Sources
- Web Credential
- Application Log
- User Account
- Process
ATT&CK Techniques
- T1195.002
Created: 2025-11-26