Detection Rule List
| Rule Name | Rule Type | Technique Count | Creation Date |
|---|---|---|---|
| Impair Defenses Through Disable Windows Event Logging was Detected | SIGMA | 1 | 10 months, 3 weeks |
| SIGMA_Hook_Injection | SIGMA | 1 | 2 years, 7 months |
| SIGMA_check_external_ip | SIGMA | 0 | 3 years |
| SIGMA_ANTI_VM | SIGMA | 0 | 3 years |
| SIGMA_stop_service | SIGMA | 0 | 3 years |
| SIGMA_uac_bypass | SIGMA | 1 | 3 years |
| SIGMA_lolbins | SIGMA | 0 | 3 years |
| SIGMA_delete_shadow_copy | SIGMA | 1 | 3 years |
| SIGMA_posh_pc_delete_volume_shadow_copies | SIGMA | 1 | 3 years |
| SIGMA_kill_process | SIGMA | 1 | 3 years |
| SIGMA_proc_creation_win_shadow_copies_deletion | SIGMA | 1 | 3 years |
| SIGMA_process_reimaging | SIGMA | 0 | 3 years |
| SIGMA_decode_string_findstr | SIGMA | 0 | 3 years |
| SIGMA_onset_delay | SIGMA | 0 | 3 years |
| SIGMA_spoofed_extension | SIGMA | 0 | 3 years |
| SIGMA_hide_copy_melt | SIGMA | 1 | 3 years |
| SIGMA_base64_download | SIGMA | 0 | 3 years |
| SIGMA_detect_region | SIGMA | 0 | 3 years |
| SIGMA_bypass_applocker | SIGMA | 0 | 3 years |
| CAPA_fingerprint_av | SIGMA | 1 | 3 years |
| SIGMA_hide_in_appdata | SIGMA | 0 | 3 years |
| SIGMA_bitsadmin | SIGMA | 0 | 3 years |