Detection Rule List
| Rule Name | Rule Type | Technique Count | Creation Date |
|---|---|---|---|
| CAPA_Unhook-FreeLibrary | CAPA | 1 | 2 months, 2 weeks |
| CAPA_Hook_Injection1 | CAPA | 0 | 5 months, 4 weeks |
| CAPA_Hook_Injection | CAPA | 0 | 5 months, 4 weeks |
| CAPA_Detect_Confuser | CAPA | 1 | 11 months, 1 week |
| CAPA_Detect_vmprotect | CAPA | 1 | 11 months, 1 week |
| CAPA_Detect_Petite | CAPA | 1 | 11 months, 1 week |
| CAPA_Detect_Themida | CAPA | 1 | 11 months, 1 week |
| CAPA_Detect_PeCompact | CAPA | 1 | 11 months, 1 week |
| CAPA_Detect_NSpack | CAPA | 1 | 11 months, 1 week |
| CAPA_Detect_ASPACK | CAPA | 1 | 11 months, 1 week |
| CAPA_Detect_UPX | CAPA | 1 | 11 months, 1 week |
| CAPA_Detect_QEMU | CAPA | 0 | 11 months, 1 week |
| CAPA_Check_SandboxProcess | CAPA | 1 | 11 months, 1 week |
| CAPA_Detect_FileMelt | CAPA | 1 | 11 months, 1 week |
| CAPA_Detect_Timestomp | CAPA | 1 | 11 months, 1 week |
| CAPA_FileVersion_Impersonation | CAPA | 1 | 11 months, 1 week |
| CAPA_check_PPID | CAPA | 1 | 11 months, 1 week |
| CAPA_Check_ICEBP | CAPA | 1 | 11 months, 1 week |
| CAPA_NtQueryInformation | CAPA | 1 | 11 months, 1 week |
| CAPA_Trap_Flag | CAPA | 1 | 11 months, 1 week |
| CAPA_Software_Breakpoint | CAPA | 1 | 11 months, 1 week |
| CAPA_debugger_api | CAPA | 1 | 11 months, 2 weeks |
| CAPA_SANBOX_AV_CHECK | CAPA | 1 | 11 months, 2 weeks |
| CAPA_SetHandleInformation | CAPA | 1 | 11 months, 2 weeks |
| CAPA_localsize | CAPA | 1 | 11 months, 2 weeks |
| CAPA_vm_registry | CAPA | 1 | 11 months, 2 weeks |
| CAPA_vm_artefact2 | CAPA | 1 | 11 months, 2 weeks |
| CAPA_vm_instruction | CAPA | 0 | 11 months, 2 weeks |
| CAPA_gettickcount | CAPA | 1 | 11 months, 2 weeks |
| CAPA_debugged_flag | CAPA | 1 | 11 months, 2 weeks |