Detection Rule List

YARA

YARA (created by Victor Alvarez at VirusTotal) is a rule-based pattern-matching tool used to identify and classify files especially malware by detecting specific textual, binary, or structural signatures.
CAPA

CAPA (by Mandiant) identifies malware capabilities by analyzing executable behavior and mapping it to known techniques.
SIGMA

SIGMA is a generic, open signature format that allows security analysts to write detection rules that can be applied across different SIEM systems.
Rule Name Rule Type Technique Count Creation Date
Detect Cuckoo Named Pipe YARA 1 6 months, 1 week
Detect XProtect Decryption YARA 1 1 year, 2 months
Detect SMTP Data Exfiltration YARA 1 1 year, 2 months
Detect Disassembly Obfuscation Rogue Byte YARA 1 1 year, 4 months
Detect VBA Purging YARA 1 1 year, 6 months
Detect Defender AV Emulator Evasion YARA 1 1 year, 7 months
Detect Al-Khaser Anti-Debug Technique YARA 1 1 year, 7 months
Impair Defenses Through Disable Windows Event Logging was Detected SIGMA 1 1 year, 7 months
Detect Cronos Crypter YARA 1 1 year, 7 months
Detect DeviceIoControl Usage YARA 1 2 years
Detect Usage of BuildCommDCBAndTimeouts YARA 1 2 years
Detect LimeCRypter Crypter YARA 1 2 years, 2 months
Detect PyArmor Protected Script YARA 1 2 years, 2 months
Detect Installed Software Enumration via Registry YARA 1 2 years, 2 months
Detect RLO Extension Spoofing Technique YARA 1 2 years, 2 months
Detect Direct Syscall Shellcode Invocation YARA 1 2 years, 2 months
Detect NET NixImports Loader YARA 1 2 years, 2 months
Detect NET NixImports Loader 2 YARA 1 2 years, 2 months
Detect PowerShell Special Char Obfuscation YARA 1 2 years, 2 months
Detect Base64 En/Decoding Patterns in Golang Bins YARA 1 2 years, 2 months
Detect NETReactor Managed Obfuscation YARA 1 2 years, 2 months
Detect PureCrypter Protector YARA 1 2 years, 2 months
Detect ConfuserEx Packed Binary YARA 1 2 years, 2 months
Detect TrueCrypt YARA 1 2 years, 2 months
Detect Reactor Native Stub YARA 1 2 years, 2 months
Detect EasyCrypter Protector YARA 1 2 years, 2 months
Detect Executables Packed with hXOR Packer YARA 1 2 years, 2 months
Detect ConfuserEx Naming Pattern YARA 1 2 years, 2 months
Detect XOR Encoded Malicious Patterns YARA 1 2 years, 2 months
Detect ScrubCrypt Obfuscated Batch YARA 1 2 years, 2 months
Filter
Clear