Detection Rule List

| Rule Name | Rule Type | Technique Count | Creation Date |
|---|---|---|---|
| CAPA_Delete_Volume_Shadow_Copy | CAPA | 1 | 1 month, 3 weeks |
| CAPA_SANBOX_AV_CHECK | CAPA | 1 | 1 month, 3 weeks |
| CAPA_SetHandleInformation | CAPA | 1 | 1 month, 3 weeks |
| CAPA_localsize | CAPA | 1 | 1 month, 3 weeks |
| CAPA_vm_registry | CAPA | 1 | 1 month, 3 weeks |
| SIGMA_detect_region | SIGMA | 0 | 1 month, 3 weeks |
| SIGMA_base64_download | SIGMA | 0 | 1 month, 3 weeks |
| SIGMA_hide_copy_melt | SIGMA | 1 | 1 month, 3 weeks |
| SIGMA_ANTI_VM | SIGMA | 0 | 1 month, 3 weeks |
| CAPA_fingerprint_av | SIGMA | 1 | 1 month, 3 weeks |
| SIGMA_onset_delay | SIGMA | 0 | 1 month, 3 weeks |
| SIGMA_process_reimaging | SIGMA | 0 | 1 month, 3 weeks |
| SIGMA_proc_creation_win_shadow_copies_deletion | SIGMA | 1 | 1 month, 3 weeks |
| SIGMA_kill_process | SIGMA | 1 | 1 month, 3 weeks |
| SIGMA_delete_shadow_copy | SIGMA | 1 | 1 month, 3 weeks |
| SIGMA_bypass_applocker | SIGMA | 0 | 1 month, 3 weeks |
| SIGMA_decode_string_findstr | SIGMA | 0 | 1 month, 3 weeks |
| SIGMA_uac_bypass | SIGMA | 1 | 1 month, 3 weeks |
| SIGMA_lolbins | SIGMA | 0 | 1 month, 3 weeks |
| SIGMA_hide_in_appdata | SIGMA | 0 | 1 month, 3 weeks |
| SIGMA_spoofed_extension | SIGMA | 0 | 1 month, 3 weeks |
| SIGMA_check_external_ip | SIGMA | 0 | 1 month, 3 weeks |
| SIGMA_stop_service | SIGMA | 0 | 1 month, 3 weeks |
| SIGMA_bitsadmin | SIGMA | 0 | 1 month, 3 weeks |
| SIGMA_posh_pc_delete_volume_shadow_copies | SIGMA | 1 | 1 month, 3 weeks |
