Detection Rule List

YARA

YARA (created by Victor Alvarez at VirusTotal) is a rule-based pattern-matching tool used to identify and classify files especially malware by detecting specific textual, binary, or structural signatures.
CAPA

CAPA (by Mandiant) identifies malware capabilities by analyzing executable behavior and mapping it to known techniques.
SIGMA

SIGMA is a generic, open signature format that allows security analysts to write detection rules that can be applied across different SIEM systems.
Rule Name Rule Type Technique Count Creation Date
Detect MPRESS Packer YARA 1 3 years, 9 months
UPX Packer YARA 1 3 years, 9 months
Detect Confuser CAPA 1 3 years, 9 months
Detect VMProtect CAPA 1 3 years, 9 months
Detect Petite Packer CAPA 1 3 years, 9 months
Detect Themida Packer CAPA 1 3 years, 9 months
Detect PECompact Packer CAPA 1 3 years, 9 months
Detect NSpack Packer CAPA 1 3 years, 9 months
ASPack Packer Detection CAPA 1 3 years, 9 months
UPX Packer Detection CAPA 1 3 years, 9 months
Detect QEMU CAPA 0 3 years, 9 months
Check Sandbox Process CAPA 1 3 years, 9 months
Detect File Melt CAPA 1 3 years, 9 months
Detect Timestomp CAPA 1 3 years, 9 months
Detect FileVersion Impersonation CAPA 1 3 years, 9 months
Detect PPID Spoofing CAPA 1 3 years, 9 months
Check ICEBP CAPA 1 3 years, 9 months
Detect NtQueryInformation Usage CAPA 1 3 years, 9 months
Detect Trap Flag Exception CAPA 1 3 years, 9 months
Detect Software Breakpoint CAPA 1 3 years, 9 months
Detect NtLoadDriver Usage YARA 1 3 years, 9 months
Detect OllyDbg Detection via FindWindow YARA 1 3 years, 9 months
Detect LocalSize Debug Check YARA 1 3 years, 9 months
Detect RDTSC Check YARA 1 3 years, 9 months
Detect NtQueryInformationProcess Usage YARA 1 3 years, 9 months
Detect NtSetInformationThread Usage YARA 1 3 years, 9 months
Detect NtQueryObject Usage YARA 1 3 years, 9 months
Detect OutputDebugString Usage YARA 1 3 years, 9 months
Detect EventPairHandles Usage YARA 1 3 years, 9 months
Detect CsrGetProcessID Usage YARA 1 3 years, 9 months
Filter
Clear