Detection Rule List

| Rule Name | Rule Type | Technique Count | Creation Date |
|---|---|---|---|
| Detect OutputDebugString Error | CAPA | 1 | 3 years, 9 months |
| Detect QueryPerformanceCounter Usage | CAPA | 1 | 3 years, 9 months |
| Detect Sandbox via Device Name (Pipe) | CAPA | 0 | 3 years, 9 months |
| Detect Container Execution Agent via Process Name | CAPA | 2 | 3 years, 9 months |
| Detect Obfuscated Stack Strings | CAPA | 0 | 3 years, 9 months |
| Detect GetCursorPos Usage | CAPA | 1 | 3 years, 9 months |
| Detect PEB NtGlobalFlag Check | CAPA | 1 | 3 years, 9 months |
| Detect PEB BeingDebugged Flag | CAPA | 1 | 3 years, 9 months |
| Detect GetTickCount Usage | CAPA | 1 | 3 years, 9 months |
| Detect VM Instructions | CAPA | 0 | 3 years, 9 months |
| Detect VM Artifacts 2 | CAPA | 1 | 3 years, 9 months |
| Detect Windows Sandbox via Registry | CAPA | 1 | 3 years, 9 months |
| Detect LocalSize Usage | CAPA | 1 | 3 years, 9 months |
| Detect VM Artifacts | CAPA | 1 | 3 years, 9 months |
| Detect SetHandleInformation Usage | CAPA | 1 | 3 years, 9 months |
| Detect Process Enumeration | CAPA | 1 | 3 years, 9 months |
| Detect Sandbox And Antivirus Software | CAPA | 1 | 3 years, 9 months |
| Delete Volume Shadow Copy | CAPA | 1 | 3 years, 9 months |
| Detect Sandbox Check via User Account | CAPA | 1 | 3 years, 9 months |
| Detect Resize Volume Shadow Copy Usage | CAPA | 0 | 3 years, 9 months |
| Detect WAN Discovery via IPIFY.ORG | SIGMA | 0 | 3 years, 9 months |
| Detect VBox, VMWare, KVM and HVM | SIGMA | 0 | 3 years, 9 months |
| Detect Stop Multiple Services (via net.exe) | SIGMA | 0 | 3 years, 9 months |
| Detect Certain UAC Bypass Techniques | SIGMA | 1 | 3 years, 9 months |
| Detect Certain Lolbins Techniques | SIGMA | 0 | 3 years, 9 months |
| Detect Shadow Copy Delete via PowerShell | SIGMA | 1 | 3 years, 9 months |
| Detect Shadow Copy Delete via System Utilities Through PowerShell | SIGMA | 1 | 3 years, 9 months |
| Detect Taskkill Usage | SIGMA | 1 | 3 years, 9 months |
| Detect Shadow Copy Deletion via System Utilities | SIGMA | 1 | 3 years, 9 months |
| Detect Process Re-Imaging | SIGMA | 0 | 3 years, 9 months |