Detection Rule List

Rule Name Rule Type Technique Count Creation Date
CAPA_localsize CAPA 1 9 months, 1 week
CAPA_vm_registry CAPA 1 9 months, 1 week
CAPA_vm_artefact2 CAPA 1 9 months, 1 week
CAPA_vm_instruction CAPA 0 9 months, 1 week
CAPA_gettickcount CAPA 1 9 months, 1 week
CAPA_debugged_flag CAPA 1 9 months, 1 week
CAPA_mouse_cursor CAPA 1 9 months, 1 week
CAPA_timestomp CAPA 0 9 months, 1 week
CAPA_ntglobalflag CAPA 1 9 months, 1 week
CAPA_stackstring_obf CAPA 0 9 months, 1 week
CAPA_vm_artefact CAPA 1 9 months, 1 week
CAPA_kill_process CAPA 1 9 months, 1 week
CAPA_detect_vm_process CAPA 2 9 months, 1 week
CAPA_device_pipe CAPA 0 9 months, 1 week
CAPA_QueryPerformanceCounter CAPA 1 9 months, 1 week
CAPA_output_debug_string CAPA 1 9 months, 1 week
CAPA_clear_log CAPA 1 9 months, 1 week
CAPA_crash_eventlog CAPA 2 9 months, 1 week
CAPA_debug_register CAPA 1 9 months, 1 week
CAPA_debugger_api CAPA 1 9 months, 1 week
SIGMA_bitsadmin SIGMA 0 9 months, 1 week
SIGMA_spoofed_extension SIGMA 0 9 months, 1 week
SIGMA_hide_copy_melt SIGMA 1 9 months, 1 week
SIGMA_base64_download SIGMA 0 9 months, 1 week
SIGMA_lolbins SIGMA 0 9 months, 1 week
SIGMA_detect_region SIGMA 0 9 months, 1 week
SIGMA_delete_shadow_copy SIGMA 1 9 months, 1 week
SIGMA_ANTI_VM SIGMA 0 9 months, 1 week
SIGMA_stop_service SIGMA 0 9 months, 1 week
CAPA_fingerprint_av SIGMA 1 9 months, 1 week
Filter
Clear