Detection Rule List
| Rule Name | Rule Type | Technique Count | Creation Date |
|---|---|---|---|
| CAPA_vm_artefact2 | CAPA | 1 | 5 months, 3 weeks |
| CAPA_vm_instruction | CAPA | 0 | 5 months, 3 weeks |
| CAPA_gettickcount | CAPA | 1 | 5 months, 3 weeks |
| CAPA_debugged_flag | CAPA | 1 | 5 months, 3 weeks |
| CAPA_mouse_cursor | CAPA | 1 | 5 months, 3 weeks |
| CAPA_stackstring_obf | CAPA | 0 | 5 months, 3 weeks |
| CAPA_timestomp | CAPA | 0 | 5 months, 3 weeks |
| CAPA_ntglobalflag | CAPA | 1 | 5 months, 3 weeks |
| CAPA_vm_artefact | CAPA | 1 | 5 months, 3 weeks |
| CAPA_detect_vm_process | CAPA | 2 | 5 months, 3 weeks |
| CAPA_device_pipe | CAPA | 0 | 5 months, 3 weeks |
| CAPA_QueryPerformanceCounter | CAPA | 1 | 5 months, 3 weeks |
| CAPA_output_debug_string | CAPA | 1 | 5 months, 3 weeks |
| CAPA_clear_log | CAPA | 1 | 5 months, 3 weeks |
| CAPA_crash_eventlog | CAPA | 2 | 5 months, 3 weeks |
| CAPA_debug_register | CAPA | 1 | 5 months, 3 weeks |
| CAPA_debugger_api | CAPA | 1 | 5 months, 3 weeks |
| SIGMA_decode_string_findstr | SIGMA | 0 | 5 months, 3 weeks |
| SIGMA_hide_copy_melt | SIGMA | 1 | 5 months, 3 weeks |
| SIGMA_spoofed_extension | SIGMA | 0 | 5 months, 3 weeks |
| SIGMA_base64_download | SIGMA | 0 | 5 months, 3 weeks |
| SIGMA_detect_region | SIGMA | 0 | 5 months, 3 weeks |
| SIGMA_ANTI_VM | SIGMA | 0 | 5 months, 3 weeks |
| SIGMA_lolbins | SIGMA | 0 | 5 months, 3 weeks |
| CAPA_fingerprint_av | SIGMA | 1 | 5 months, 3 weeks |
| SIGMA_stop_service | SIGMA | 0 | 5 months, 3 weeks |
| SIGMA_hide_in_appdata | SIGMA | 0 | 5 months, 3 weeks |
| SIGMA_check_external_ip | SIGMA | 0 | 5 months, 3 weeks |
| SIGMA_delete_shadow_copy | SIGMA | 1 | 5 months, 3 weeks |
| SIGMA_kill_process | SIGMA | 1 | 5 months, 3 weeks |