Skip to content

Issues: mandiant/capa-rules

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

104 Open 236 Closed
104 Open 236 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

detect PoolParty injection rule idea
#1008 opened Feb 25, 2025 by Still34
1 task done
Linux kernel rootkit techniques good first issue Good for newcomers help wanted Extra attention is needed rule idea
#998 opened Feb 15, 2025 by mike-hunhoff
bytes feature unable to detect CLSID/RID when pushed via stack false negative rule expected to match but doesnt
#996 opened Feb 14, 2025 by Still34
2
detect donut loader rule idea
#994 opened Feb 5, 2025 by Still34
1 task done
1
false negative for screenshot false negative rule expected to match but doesnt good first issue Good for newcomers help wanted Extra attention is needed
#981 opened Jan 17, 2025 by williballenthin
@akh7177
7
consider appending "via [insert_name] assembly" to applicable rule names enhancement New feature or request good first issue Good for newcomers
#979 opened Jan 8, 2025 by mike-hunhoff
dynamic: vmray: "persist via Run registry key" doesn't match because "call" scope is too small false negative rule expected to match but doesnt
#977 opened Jan 6, 2025 by mike-hunhoff
1
Review rules for span-of-calls scope adjustments
#975 opened Dec 18, 2024 by mr-tz
8 tasks
detect socks5 proxy capabilities good first issue Good for newcomers help wanted Extra attention is needed rule idea
#971 opened Dec 6, 2024 by mike-hunhoff
derive capa rules from yara-rules capabilities rule idea
#968 opened Nov 25, 2024 by williballenthin
detect BITS usage in general good first issue Good for newcomers rule idea
#967 opened Nov 25, 2024 by mr-tz
create separate rule to match socket connects good first issue Good for newcomers rule idea
#965 opened Nov 20, 2024 by mike-hunhoff
improve TCP/UDP socket creation matching good first issue Good for newcomers rule idea
#964 opened Nov 20, 2024 by mike-hunhoff
1
dotnet: create new scheduled task via TaskService good first issue Good for newcomers rule idea
#959 opened Nov 7, 2024 by mike-hunhoff
dotnet: Process.EnterDebugMode good first issue Good for newcomers rule idea
#958 opened Nov 5, 2024 by mike-hunhoff
dotnet: TripleDESCryptoServiceProvider Class good first issue Good for newcomers rule idea
#957 opened Nov 5, 2024 by mike-hunhoff
access PEB ldr_data false positive False positive rule hit
#946 opened Oct 21, 2024 by mr-tz
reconsider att&ck classification for get/set-uefi-variable.yml att&ck false positive False positive rule hit
#944 opened Oct 7, 2024 by mike-hunhoff
reference anti-VM strings targeting VirtualBox false positive False positive rule hit
#934 opened Sep 24, 2024 by mr-tz
delay execution: add Beep WinAPI rule idea
#915 opened Jul 26, 2024 by fariss
rule idea: modify PendingFileRenameOperations to delete, rename, or move file across reboots rule idea
#911 opened Jul 11, 2024 by mike-hunhoff
Create new rule with LoadLibrary, etc. APIs
#909 opened Jun 14, 2024 by mr-tz
Rules to find interesting code rule idea
#898 opened May 16, 2024 by mr-tz
parse-credit-card-information -> mimikatz.exe_:0x444E02 false positive False positive rule hit
#897 opened May 3, 2024 by mike-hunhoff
[obfuscated-with-litcrypt] rule idea
#889 opened Mar 23, 2024 by lulzc
ProTip! Mix and match filters to narrow down what you’re looking for.