Detection Rule List

YARA

YARA (created by Victor Alvarez at VirusTotal) is a rule-based pattern-matching tool used to identify and classify files especially malware by detecting specific textual, binary, or structural signatures.
CAPA

CAPA (by Mandiant) identifies malware capabilities by analyzing executable behavior and mapping it to known techniques.
SIGMA

SIGMA is a generic, open signature format that allows security analysts to write detection rules that can be applied across different SIEM systems.
Rule Name Rule Type Technique Count Creation Date
Detect Obfuscated Stack Strings CAPA 0 3 years, 9 months
Detect GetCursorPos Usage CAPA 1 3 years, 9 months
Detect PEB NtGlobalFlag Check CAPA 1 3 years, 9 months
Detect PEB BeingDebugged Flag CAPA 1 3 years, 9 months
Detect GetTickCount Usage CAPA 1 3 years, 9 months
Detect VM Instructions CAPA 0 3 years, 9 months
Detect VM Artifacts 2 CAPA 1 3 years, 9 months
Detect Windows Sandbox via Registry CAPA 1 3 years, 9 months
Detect LocalSize Usage CAPA 1 3 years, 9 months
Detect VM Artifacts CAPA 1 3 years, 9 months
Detect SetHandleInformation Usage CAPA 1 3 years, 9 months
Detect Process Enumeration CAPA 1 3 years, 9 months
Detect Sandbox And Antivirus Software CAPA 1 3 years, 9 months
Delete Volume Shadow Copy CAPA 1 3 years, 9 months
Detect Sandbox Check via User Account CAPA 1 3 years, 9 months
Detect Resize Volume Shadow Copy Usage CAPA 0 3 years, 9 months
Filter
Clear