Detection Rule List

Rule Name Rule Type Technique Count Creation Date
CAPA_Hook_Injection1 CAPA 0 1 month, 3 weeks
CAPA_Hook_Injection CAPA 0 1 month, 3 weeks
CAPA_Detect_Confuser CAPA 1 7 months, 1 week
CAPA_Detect_vmprotect CAPA 1 7 months, 1 week
CAPA_Detect_Petite CAPA 1 7 months, 1 week
CAPA_Detect_Themida CAPA 1 7 months, 1 week
CAPA_Detect_PeCompact CAPA 1 7 months, 1 week
CAPA_Detect_NSpack CAPA 1 7 months, 1 week
CAPA_Detect_ASPACK CAPA 1 7 months, 1 week
CAPA_Detect_UPX CAPA 1 7 months, 1 week
CAPA_Detect_QEMU CAPA 0 7 months, 1 week
CAPA_Check_SandboxProcess CAPA 1 7 months, 1 week
CAPA_Detect_FileMelt CAPA 1 7 months, 1 week
CAPA_Detect_Timestomp CAPA 1 7 months, 1 week
CAPA_FileVersion_Impersonation CAPA 1 7 months, 1 week
CAPA_check_PPID CAPA 1 7 months, 1 week
CAPA_Check_ICEBP CAPA 1 7 months, 1 week
CAPA_NtQueryInformation CAPA 1 7 months, 1 week
CAPA_Trap_Flag CAPA 1 7 months, 1 week
CAPA_Software_Breakpoint CAPA 1 7 months, 1 week
CAPA_resize_volume_shadow_copy_storage CAPA 0 7 months, 2 weeks
CAPA_debugger_api CAPA 1 7 months, 2 weeks
CAPA_SANBOX_AV_CHECK CAPA 1 7 months, 2 weeks
CAPA_SetHandleInformation CAPA 1 7 months, 2 weeks
CAPA_localsize CAPA 1 7 months, 2 weeks
CAPA_vm_registry CAPA 1 7 months, 2 weeks
CAPA_vm_artefact2 CAPA 1 7 months, 2 weeks
CAPA_vm_instruction CAPA 0 7 months, 2 weeks
CAPA_gettickcount CAPA 1 7 months, 2 weeks
CAPA_debugged_flag CAPA 1 7 months, 2 weeks
Filter
Clear