Detection Rule List

Rule Name	Rule Type	Technique Count	Creation Date
CAPA_Detect_Confuser	CAPA	1	1 month, 2 weeks
CAPA_Detect_vmprotect	CAPA	1	1 month, 2 weeks
CAPA_Detect_Petite	CAPA	1	1 month, 2 weeks
CAPA_Detect_Themida	CAPA	1	1 month, 2 weeks
CAPA_Detect_PeCompact	CAPA	1	1 month, 2 weeks
CAPA_Detect_NSpack	CAPA	1	1 month, 2 weeks
CAPA_Detect_ASPACK	CAPA	1	1 month, 2 weeks
CAPA_Detect_UPX	CAPA	1	1 month, 2 weeks
CAPA_Detect_QEMU	CAPA	0	1 month, 2 weeks
CAPA_Check_SandboxProcess	CAPA	1	1 month, 2 weeks
CAPA_Detect_FileMelt	CAPA	1	1 month, 2 weeks
CAPA_Detect_Timestomp	CAPA	1	1 month, 2 weeks
CAPA_FileVersion_Impersonation	CAPA	1	1 month, 2 weeks
CAPA_check_PPID	CAPA	1	1 month, 2 weeks
CAPA_Check_ICEBP	CAPA	1	1 month, 2 weeks
CAPA_NtQueryInformation	CAPA	1	1 month, 2 weeks
CAPA_Trap_Flag	CAPA	1	1 month, 2 weeks
CAPA_Software_Breakpoint	CAPA	1	1 month, 2 weeks
CAPA_Delete_Volume_Shadow_Copy	CAPA	1	1 month, 3 weeks
CAPA_sandbox_name	CAPA	1	1 month, 3 weeks
CAPA_resize_volume_shadow_copy_storage	CAPA	0	1 month, 3 weeks
CAPA_debugger_api	CAPA	1	1 month, 3 weeks
CAPA_SANBOX_AV_CHECK	CAPA	1	1 month, 3 weeks
CAPA_SetHandleInformation	CAPA	1	1 month, 3 weeks
CAPA_localsize	CAPA	1	1 month, 3 weeks
CAPA_vm_registry	CAPA	1	1 month, 3 weeks
CAPA_vm_artefact2	CAPA	1	1 month, 3 weeks
CAPA_vm_instruction	CAPA	0	1 month, 3 weeks
CAPA_gettickcount	CAPA	1	1 month, 3 weeks
CAPA_debugged_flag	CAPA	1	1 month, 3 weeks