Skip to content

Issues: mandiant/capa-rules

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

82 Open 225 Closed
82 Open 225 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Rules to find interesting code rule idea
#898 opened May 16, 2024 by mr-tz
parse-credit-card-information -> mimikatz.exe_:0x444E02 false positive False positive rule hit
#897 opened May 3, 2024 by mike-hunhoff
[obfuscated-with-litcrypt] rule idea
#889 opened Mar 23, 2024 by lulzc
Support ATT&CK v14.1 Techniques
#887 opened Mar 6, 2024 by mr-tz
7 tasks
3
find/reference Explorer window rule idea
#881 opened Feb 13, 2024 by mr-tz
TLS client via OpenSSL rule idea
#880 opened Feb 7, 2024 by williballenthin
resolve Microsoft.Win32.Win32Native to execute native Windows APIs in .NET rule idea
#876 opened Jan 17, 2024 by mike-hunhoff
block system shutdown rule idea
#875 opened Jan 17, 2024 by mike-hunhoff
Detect Safengine Shielden (limitation) rule idea
#873 opened Jan 12, 2024 by mike-hunhoff
synchronized fn callback execution (extend create-thread.yml)? rule idea
#872 opened Jan 12, 2024 by mike-hunhoff
1
discussion: organizing Android/mobile focused capa rules
#850 opened Nov 22, 2023 by mike-hunhoff
3
restrict to os: android? or maybe the name and API namespace are sufficient?
#849 opened Nov 22, 2023 by mike-hunhoff
null-preserving XOR not identified enhancement New feature or request
#840 opened Nov 6, 2023 by Ana06
2
Namespaces load-code vs. host-interaction/process/inject etc.
#830 opened Sep 23, 2023 by mr-tz
Support ATT&CK Mobile techniques (linter)
#819 opened Aug 28, 2023 by mr-tz
find rule candidates from stackoverflow rule idea
#772 opened Jun 9, 2023 by williballenthin
defender evasion via exclusion directory rule idea
#759 opened May 12, 2023 by ghost
CI: lint max length of bytes feature CI Continous integration documentation Improvements or additions to documentation enhancement New feature or request
#747 opened Apr 17, 2023 by mike-hunhoff
CI: lint hex values to enforce consistent capitalization CI Continous integration documentation Improvements or additions to documentation enhancement New feature or request
#746 opened Apr 17, 2023 by mike-hunhoff
HardHat C2 Detections good first issue Good for newcomers rule idea
#742 opened Mar 31, 2023 by mike-hunhoff
@EmperialX
2
rules for ELF/Linux sample
#736 opened Mar 26, 2023 by williballenthin
14
add reference to capa install instructions to PR suggestions documentation Improvements or additions to documentation
#727 opened Mar 20, 2023 by mike-hunhoff
detect uncommon .NET entry points good first issue Good for newcomers rule idea
#725 opened Mar 16, 2023 by mike-hunhoff
1
Cleanup Nt* and Zw* api definitions enhancement New feature or request question Further information is requested
#720 opened Mar 11, 2023 by mr-tz
2
stream path rule: filename::$DATA (unnamed default data stream)
#719 opened Mar 6, 2023 by mr-tz
ProTip! Updated in the last three days: updated:>2024-05-20.