Detection Rule List

Rule Name Rule Type Technique Count Creation Date
CAPA_QueryPerformanceCounter CAPA 1 3 years, 1 month
CAPA_device_pipe CAPA 0 3 years, 1 month
CAPA_detect_vm_process CAPA 2 3 years, 1 month
CAPA_stackstring_obf CAPA 0 3 years, 1 month
CAPA_mouse_cursor CAPA 1 3 years, 1 month
CAPA_ntglobalflag CAPA 1 3 years, 1 month
CAPA_debugged_flag CAPA 1 3 years, 1 month
CAPA_gettickcount CAPA 1 3 years, 1 month
CAPA_vm_instruction CAPA 0 3 years, 1 month
CAPA_vm_artefact2 CAPA 1 3 years, 1 month
CAPA_vm_registry CAPA 1 3 years, 1 month
CAPA_localsize CAPA 1 3 years, 1 month
CAPA_vm_artefact CAPA 1 3 years, 1 month
CAPA_SetHandleInformation CAPA 1 3 years, 1 month
CAPA_kill_process CAPA 1 3 years, 1 month
CAPA_SANBOX_AV_CHECK CAPA 1 3 years, 1 month
Delete Volume Shadow Copy CAPA 1 3 years, 1 month
CAPA_sandbox_name CAPA 1 3 years, 1 month
CAPA_resize_volume_shadow_copy_storage CAPA 0 3 years, 1 month
SIGMA_check_external_ip SIGMA 0 3 years, 1 month
SIGMA_ANTI_VM SIGMA 0 3 years, 1 month
SIGMA_stop_service SIGMA 0 3 years, 1 month
SIGMA_uac_bypass SIGMA 1 3 years, 1 month
SIGMA_lolbins SIGMA 0 3 years, 1 month
SIGMA_delete_shadow_copy SIGMA 1 3 years, 1 month
SIGMA_posh_pc_delete_volume_shadow_copies SIGMA 1 3 years, 1 month
SIGMA_kill_process SIGMA 1 3 years, 1 month
SIGMA_proc_creation_win_shadow_copies_deletion SIGMA 1 3 years, 1 month
SIGMA_process_reimaging SIGMA 0 3 years, 1 month
SIGMA_decode_string_findstr SIGMA 0 3 years, 1 month
Filter
Clear