Skip to content

Issues: mandiant/capa-rules

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

89 Open 228 Closed
89 Open 228 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

access PEB ldr_data false positive False positive rule hit
#946 opened Oct 21, 2024 by mr-tz
reconsider att&ck classification for get/set-uefi-variable.yml att&ck false positive False positive rule hit
#944 opened Oct 7, 2024 by mike-hunhoff
graduate upload file to onedrive rule
#943 opened Oct 4, 2024 by mr-tz
reference anti-VM strings targeting VirtualBox false positive False positive rule hit
#934 opened Sep 24, 2024 by mr-tz
delay execution: add Beep WinAPI rule idea
#915 opened Jul 26, 2024 by fariss
rule idea: modify PendingFileRenameOperations to delete, rename, or move file across reboots rule idea
#911 opened Jul 11, 2024 by mike-hunhoff
Create new rule with LoadLibrary, etc. APIs
#909 opened Jun 14, 2024 by mr-tz
Rules to find interesting code rule idea
#898 opened May 16, 2024 by mr-tz
parse-credit-card-information -> mimikatz.exe_:0x444E02 false positive False positive rule hit
#897 opened May 3, 2024 by mike-hunhoff
[obfuscated-with-litcrypt] rule idea
#889 opened Mar 23, 2024 by lulzc
Support ATT&CK v14.1 Techniques
#887 opened Mar 6, 2024 by mr-tz
7 tasks
3
find/reference Explorer window rule idea
#881 opened Feb 13, 2024 by mr-tz
TLS client via OpenSSL rule idea
#880 opened Feb 7, 2024 by williballenthin
resolve Microsoft.Win32.Win32Native to execute native Windows APIs in .NET rule idea
#876 opened Jan 17, 2024 by mike-hunhoff
block system shutdown rule idea
#875 opened Jan 17, 2024 by mike-hunhoff
Detect Safengine Shielden (limitation) rule idea
#873 opened Jan 12, 2024 by mike-hunhoff
synchronized fn callback execution (extend create-thread.yml)? rule idea
#872 opened Jan 12, 2024 by mike-hunhoff
1
discussion: organizing Android/mobile focused capa rules
#850 opened Nov 22, 2023 by mike-hunhoff
3
restrict to os: android? or maybe the name and API namespace are sufficient?
#849 opened Nov 22, 2023 by mike-hunhoff
null-preserving XOR not identified enhancement New feature or request
#840 opened Nov 6, 2023 by Ana06
2
Namespaces load-code vs. host-interaction/process/inject etc.
#830 opened Sep 23, 2023 by mr-tz
Support ATT&CK Mobile techniques (linter)
#819 opened Aug 28, 2023 by mr-tz
find rule candidates from stackoverflow rule idea
#772 opened Jun 9, 2023 by williballenthin
defender evasion via exclusion directory rule idea
#759 opened May 12, 2023 by ghost
CI: lint max length of bytes feature CI Continous integration documentation Improvements or additions to documentation enhancement New feature or request
#747 opened Apr 17, 2023 by mike-hunhoff
ProTip! Type g i on any issue or pull request to go back to the issue listing page.