Detection Rule List

YARA

YARA (created by Victor Alvarez at VirusTotal) is a rule-based pattern-matching tool used to identify and classify files especially malware by detecting specific textual, binary, or structural signatures.
CAPA

CAPA (by Mandiant) identifies malware capabilities by analyzing executable behavior and mapping it to known techniques.
SIGMA

SIGMA is a generic, open signature format that allows security analysts to write detection rules that can be applied across different SIEM systems.
Rule Name Rule Type Technique Count Creation Date
Detect findstr.exe usage from Windows shortcuts SIGMA 0 3 years, 10 months
Detect PowerShell Delay Execution via Ping SIGMA 0 3 years, 10 months
Detect DLL Execution with Spoofed Extension (Rundll32) SIGMA 0 3 years, 10 months
Detect File Melting via Attrib.exe SIGMA 1 3 years, 10 months
Detect PowerShell Download File from Base64 URL SIGMA 0 3 years, 10 months
Detect Region Filtering via Blacklist SIGMA 0 3 years, 10 months
Detect AppLocker Bypass via Regsvr32 SIGMA 0 3 years, 10 months
Detect Antivirus Name Retrieval via WMIC SIGMA 1 3 years, 10 months
Detect Self Copy to APPDATA SIGMA 0 3 years, 10 months
Detect Bitsadmin Usage (Download and Execute) SIGMA 0 3 years, 10 months
Filter
Clear