Detection Rule List

| Rule Name | Rule Type | Technique Count | Creation Date |
|---|---|---|---|
| Impair Defenses Through Disable Windows Event Logging was Detected | SIGMA | 1 | 1 year, 7 months |
| Detect Hook Injection 3 | SIGMA | 1 | 3 years, 3 months |
| Detect WAN Discovery via IPIFY.ORG | SIGMA | 0 | 3 years, 9 months |
| Detect VBox, VMWare, KVM and HVM | SIGMA | 0 | 3 years, 9 months |
| Detect Stop Multiple Services (via net.exe) | SIGMA | 0 | 3 years, 9 months |
| Detect Certain UAC Bypass Techniques | SIGMA | 1 | 3 years, 9 months |
| Detect Certain Lolbins Techniques | SIGMA | 0 | 3 years, 9 months |
| Detect Shadow Copy Delete via PowerShell | SIGMA | 1 | 3 years, 9 months |
| Detect Shadow Copy Delete via System Utilities Through PowerShell | SIGMA | 1 | 3 years, 9 months |
| Detect Taskkill Usage | SIGMA | 1 | 3 years, 9 months |
| Detect Shadow Copy Deletion via System Utilities | SIGMA | 1 | 3 years, 9 months |
| Detect Process Re-Imaging | SIGMA | 0 | 3 years, 9 months |
| Detect findstr.exe usage from Windows shortcuts | SIGMA | 0 | 3 years, 9 months |
| Detect PowerShell Delay Execution via Ping | SIGMA | 0 | 3 years, 9 months |
| Detect DLL Execution with Spoofed Extension (Rundll32) | SIGMA | 0 | 3 years, 9 months |
| Detect File Melting via Attrib.exe | SIGMA | 1 | 3 years, 9 months |
| Detect PowerShell Download File from Base64 URL | SIGMA | 0 | 3 years, 9 months |
| Detect Region Filtering via Blacklist | SIGMA | 0 | 3 years, 9 months |
| Detect AppLocker Bypass via Regsvr32 | SIGMA | 0 | 3 years, 9 months |
| Detect Antivirus Name Retrieval via WMIC | SIGMA | 1 | 3 years, 9 months |
| Detect Self Copy to APPDATA | SIGMA | 0 | 3 years, 9 months |
| Detect Bitsadmin Usage (Download and Execute) | SIGMA | 0 | 3 years, 9 months |