Detection Rule List

Rule Name                         Rule Type   Technique Count   Creation Date
CAPA_Unhook-FreeLibrary           CAPA        1                 1 year, 1 month
CAPA_Hook_Injection1              CAPA        0                 1 year, 4 months
CAPA_Hook_Injection               CAPA        0                 1 year, 4 months
CAPA_Detect_Confuser              CAPA        1                 1 year, 9 months
CAPA_Detect_vmprotect             CAPA        1                 1 year, 9 months
CAPA_Detect_Petite                CAPA        1                 1 year, 9 months
CAPA_Detect_Themida               CAPA        1                 1 year, 9 months
CAPA_Detect_PeCompact             CAPA        1                 1 year, 9 months
CAPA_Detect_NSpack                CAPA        1                 1 year, 9 months
CAPA_Detect_ASPACK                CAPA        1                 1 year, 9 months
CAPA_Detect_UPX                   CAPA        1                 1 year, 9 months
CAPA_Detect_QEMU                  CAPA        0                 1 year, 9 months
CAPA_Check_SandboxProcess         CAPA        1                 1 year, 9 months
CAPA_Detect_FileMelt              CAPA        1                 1 year, 9 months
CAPA_Detect_Timestomp             CAPA        1                 1 year, 9 months
CAPA_FileVersion_Impersonation    CAPA        1                 1 year, 9 months
CAPA_check_PPID                   CAPA        1                 1 year, 9 months
CAPA_Check_ICEBP                  CAPA        1                 1 year, 9 months
CAPA_NtQueryInformation           CAPA        1                 1 year, 9 months
CAPA_Trap_Flag                    CAPA        1                 1 year, 9 months
CAPA_Software_Breakpoint          CAPA        1                 1 year, 9 months
CAPA_debugger_api                 CAPA        1                 1 year, 10 months
CAPA_debug_register               CAPA        1                 1 year, 10 months
CAPA_crash_eventlog               CAPA        2                 1 year, 10 months
CAPA_clear_log                    CAPA        1                 1 year, 10 months
CAPA_timestomp                    CAPA        0                 1 year, 10 months
CAPA_output_debug_string          CAPA        1                 1 year, 10 months
CAPA_QueryPerformanceCounter      CAPA        1                 1 year, 10 months
CAPA_device_pipe                  CAPA        0                 1 year, 10 months
CAPA_detect_vm_process            CAPA        2                 1 year, 10 months
