├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ ├── false_negative.md │ ├── false_positive.md │ └── rule_idea.md ├── pull_request_template.md ├── scripts │ ├── changelog_author.py │ └── create_releases.py └── workflows │ ├── release.yml │ ├── sync.yml │ └── tests.yml ├── LICENSE.txt ├── README.md ├── anti-analysis ├── anti-av │ ├── block-operations-on-executable-memory-pages-using-arbitrary-code-guard.yml │ ├── check-for-sandbox-and-av-modules.yml │ ├── patch-antimalware-scan-interface-function.yml │ ├── patch-event-tracing-for-windows-function.yml │ └── protect-spawned-processes-with-mitigation-policies.yml ├── anti-debugging │ ├── debugger-detection │ │ ├── check-for-debugger-via-api.yml │ │ ├── check-for-hardware-breakpoints.yml │ │ ├── check-for-kernel-debugger-via-shared-user-data-structure.yml │ │ ├── check-for-outputdebugstring-error.yml │ │ ├── check-for-peb-beingdebugged-flag.yml │ │ ├── check-for-peb-ntglobalflag-flag.yml │ │ ├── check-for-protected-handle-exception.yml │ │ ├── check-for-software-breakpoints.yml │ │ ├── check-for-time-delay-via-gettickcount.yml │ │ ├── check-for-time-delay-via-queryperformancecounter.yml │ │ ├── check-for-trap-flag-exception.yml │ │ ├── check-for-unexpected-memory-writes.yml │ │ ├── check-process-job-object.yml │ │ ├── check-processdebugport.yml │ │ └── execute-anti-debugging-instructions.yml │ └── debugger-evasion │ │ └── hide-thread-from-debugger.yml ├── anti-disasm │ ├── 64-bit-execution-via-heavens-gate.yml │ └── contain-anti-disasm-techniques.yml ├── anti-emulation │ └── wine │ │ └── check-if-process-is-running-under-wine.yml ├── anti-forensic │ ├── clear-logs │ │ └── clear-windows-event-logs.yml │ ├── crash-the-windows-event-logging-service.yml │ ├── impersonate-file-version-information.yml │ ├── patch-process-command-line.yml │ ├── self-deletion │ │ └── self-delete.yml │ ├── spoof-parent-pid.yml │ └── timestomp │ │ └── timestomp-file.yml ├── anti-vm │ └── vm-detection │ │ ├── check-for-foreground-window-switch.yml │ │ ├── check-for-microsoft-office-emulation.yml │ │ ├── check-for-sandbox-username-or-hostname.yml │ │ ├── check-for-unmoving-mouse-cursor.yml │ │ ├── check-for-windows-sandbox-via-device.yml │ │ ├── check-for-windows-sandbox-via-dns-suffix.yml │ │ ├── check-for-windows-sandbox-via-genuine-state.yml │ │ ├── check-for-windows-sandbox-via-process-name.yml │ │ ├── check-for-windows-sandbox-via-registry.yml │ │ ├── detect-vm-via-disk-hardware-wmi-queries.yml │ │ ├── detect-vm-via-motherboard-hardware-wmi-queries.yml │ │ ├── reference-anti-vm-strings-targeting-parallels.yml │ │ ├── reference-anti-vm-strings-targeting-qemu.yml │ │ ├── reference-anti-vm-strings-targeting-virtualbox.yml │ │ ├── reference-anti-vm-strings-targeting-virtualpc.yml │ │ ├── reference-anti-vm-strings-targeting-vmware.yml │ │ ├── reference-anti-vm-strings-targeting-xen.yml │ │ └── reference-anti-vm-strings.yml ├── obfuscation │ ├── obfuscated-with-advobfuscator.yml │ ├── obfuscated-with-babel-obfuscator.yml │ ├── obfuscated-with-callobfuscator.yml │ ├── obfuscated-with-deepsea-obfuscator.yml │ ├── obfuscated-with-dotfuscator.yml │ ├── obfuscated-with-smartassembly.yml │ ├── obfuscated-with-spicesdotnet-obfuscator.yml │ ├── obfuscated-with-vs-obfuscation.yml │ ├── obfuscated-with-yano.yml │ └── string │ │ └── stackstring │ │ └── contain-obfuscated-stackstrings.yml ├── packer │ ├── amber │ │ └── packed-with-amber.yml │ ├── aspack │ │ └── packed-with-aspack.yml │ ├── confuser │ │ └── packed-with-confuser.yml │ ├── generic │ │ └── packed-with-generic-packer.yml │ ├── gopacker │ │ └── packed-with-gopacker.yml │ ├── huan │ │ └── packed-with-huan.yml │ ├── kkrunchy │ │ └── packed-with-kkrunchy.yml │ ├── nspack │ │ └── packed-with-nspack.yml │ ├── pebundle │ │ └── packed-with-pebundle.yml │ ├── pecompact │ │ └── packed-with-pecompact.yml │ ├── pelocknt │ │ └── packed-with-pelocknt.yml │ ├── peshield │ │ └── packed-with-peshield.yml │ ├── pespin │ │ └── packed-with-pespin.yml │ ├── petite │ │ └── packed-with-petite.yml │ ├── rlpack │ │ └── packed-with-rlpack.yml │ ├── themida │ │ └── packed-with-themida.yml │ ├── upack │ │ └── packed-with-upack.yml │ ├── upx │ │ └── packed-with-upx.yml │ ├── vmprotect │ │ └── packed-with-vmprotect.yml │ └── y0da │ │ └── packed-with-y0da-crypter.yml └── reference-analysis-tools-strings.yml ├── collection ├── acquire-credentials-from-windows-credential-manager.yml ├── browser │ ├── gather-chrome-based-browser-login-information.yml │ └── gather-firefox-profile-information.yml ├── credit-card │ └── parse-credit-card-information.yml ├── database │ ├── sql │ │ └── reference-sql-statements.yml │ └── wmi │ │ └── reference-wmi-statements.yml ├── file-managers │ ├── gather-3d-ftp-information.yml │ ├── gather-alftp-information.yml │ ├── gather-bitkinex-information.yml │ ├── gather-blazeftp-information.yml │ ├── gather-bulletproof-ftp-information.yml │ ├── gather-classicftp-information.yml │ ├── gather-coreftp-information.yml │ ├── gather-cuteftp-information.yml │ ├── gather-cyberduck-information.yml │ ├── gather-direct-ftp-information.yml │ ├── gather-directory-opus-information.yml │ ├── gather-expandrive-information.yml │ ├── gather-faststone-browser-information.yml │ ├── gather-fasttrack-ftp-information.yml │ ├── gather-ffftp-information.yml │ ├── gather-filezilla-information.yml │ ├── gather-flashfxp-information.yml │ ├── gather-fling-ftp-information.yml │ ├── gather-freshftp-information.yml │ ├── gather-frigate3-information.yml │ ├── gather-ftp-commander-information.yml │ ├── gather-ftp-explorer-information.yml │ ├── gather-ftp-voyager-information.yml │ ├── gather-ftpgetter-information.yml │ ├── gather-ftpinfo-information.yml │ ├── gather-ftpnow-information.yml │ ├── gather-ftprush-information.yml │ ├── gather-ftpshell-information.yml │ ├── gather-global-downloader-information.yml │ ├── gather-goftp-information.yml │ ├── gather-leapftp-information.yml │ ├── gather-netdrive-information.yml │ ├── gather-nexusfile-information.yml │ ├── gather-nova-ftp-information.yml │ ├── gather-robo-ftp-information.yml │ ├── gather-securefx-information.yml │ ├── gather-smart-ftp-information.yml │ ├── gather-softx-ftp-information.yml │ ├── gather-southriver-webdrive-information.yml │ ├── gather-staff-ftp-information.yml │ ├── gather-total-commander-information.yml │ ├── gather-turbo-ftp-information.yml │ ├── gather-ultrafxp-information.yml │ ├── gather-winscp-information.yml │ ├── gather-winzip-information.yml │ ├── gather-wise-ftp-information.yml │ ├── gather-ws-ftp-information.yml │ └── gather-xftp-information.yml ├── get-geographical-location.yml ├── group-policy │ └── discover-group-policy-via-gpresult.yml ├── keylog │ ├── log-keystrokes-via-application-hook.yml │ ├── log-keystrokes-via-polling.yml │ └── log-keystrokes.yml ├── microphone │ └── capture-microphone-audio.yml ├── network │ ├── capture-network-configuration-via-ipconfig.yml │ ├── capture-packets-using-sharppcap.yml │ ├── capture-public-ip.yml │ ├── get-domain-trust-relationships.yml │ └── get-mac-address-on-windows.yml ├── password-manager │ └── steal-keepass-passwords-using-keefarce.yml ├── screenshot │ ├── capture-screenshot-via-keybd-event.yml │ └── capture-screenshot.yml ├── use-dotnet-library-sharpclipboard.yml └── webcam │ └── capture-webcam-image.yml ├── communication ├── c2 │ ├── file-transfer │ │ ├── download-and-write-a-file.yml │ │ └── write-and-execute-a-file.yml │ └── shell │ │ ├── create-reverse-shell-on-linux.yml │ │ ├── create-reverse-shell.yml │ │ ├── execute-shell-command-and-capture-output.yml │ │ └── execute-shell-command-received-from-socket-on-linux.yml ├── dns │ ├── reference-dns-over-https-endpoints.yml │ └── resolve-dns.yml ├── ftp │ └── send │ │ └── send-file-using-ftp.yml ├── http │ ├── client │ │ ├── check-http-status-code.yml │ │ ├── connect-to-http-server.yml │ │ ├── connect-to-url.yml │ │ ├── create-bits-job.yml │ │ ├── create-http-request.yml │ │ ├── decompress-http-response-via-iencodingfilterfactory.yml │ │ ├── download-url.yml │ │ ├── extract-http-body.yml │ │ ├── get-http-document-via-iwebbrowser2.yml │ │ ├── get-http-response-content-encoding.yml │ │ ├── prepare-http-request.yml │ │ ├── read-data-from-internet.yml │ │ ├── receive-http-response.yml │ │ ├── send-file-via-http.yml │ │ └── send-http-request.yml │ ├── get-http-content-length.yml │ ├── initialize-iwebbrowser2.yml │ ├── initialize-winhttp-library.yml │ ├── read-http-header.yml │ ├── reference-http-user-agent-string.yml │ ├── server │ │ ├── receive-http-request.yml │ │ ├── send-http-response.yml │ │ └── start-http-server.yml │ └── set-http-header.yml ├── icmp │ └── send-icmp-echo-request.yml ├── ip │ └── convert-ip-address-from-string.yml ├── mailslot │ ├── create-mailslot.yml │ └── read-from-mailslot.yml ├── named-pipe │ ├── connect │ │ └── connect-pipe.yml │ ├── create │ │ ├── create-pipe.yml │ │ └── create-two-anonymous-pipes.yml │ ├── read │ │ └── read-pipe.yml │ └── write │ │ └── write-pipe.yml ├── receive-data.yml ├── send-data.yml ├── socket │ ├── create-raw-socket.yml │ ├── create-vmci-socket.yml │ ├── get-socket-status.yml │ ├── initialize-winsock-library.yml │ ├── receive │ │ └── receive-data-on-socket.yml │ ├── send │ │ └── send-data-on-socket.yml │ ├── set-socket-configuration.yml │ ├── tcp │ │ ├── connect-tcp-socket.yml │ │ ├── create-tcp-socket-via-raw-afd-driver.yml │ │ ├── create-tcp-socket.yml │ │ └── send │ │ │ ├── obtain-transmitpackets-callback-function-via-wsaioctl.yml │ │ │ └── send-tcp-data-via-wfp-api.yml │ └── udp │ │ └── send │ │ └── create-udp-socket.yml └── tcp │ ├── client │ └── act-as-tcp-client.yml │ └── serve │ └── start-tcp-server.yml ├── compiler ├── autohotkey │ └── compiled-with-autohotkey.yml ├── autoit │ └── compiled-with-autoit.yml ├── cx_freeze │ └── compiled-with-cx_freeze.yml ├── d │ └── compiled-with-dmd.yml ├── delphi │ └── compiled-with-borland-delphi.yml ├── exe4j │ └── compiled-with-exe4j.yml ├── go │ └── compiled-with-go.yml ├── mingw │ └── compiled-with-mingw-for-windows.yml ├── nim │ └── compiled-with-nim.yml ├── nuitka │ └── compiled-with-nuitka.yml ├── perl2exe │ └── compiled-with-perl2exe.yml ├── ps2exe │ └── compiled-with-ps2exe.yml ├── py2exe │ └── compiled-with-py2exe.yml ├── pyarmor │ └── compiled-with-pyarmor.yml ├── rust │ └── compiled-with-rust.yml ├── v │ └── compiled-with-v.yml ├── vb │ └── compiled-from-visual-basic.yml └── zig │ └── compiled-with-zig.yml ├── data-manipulation ├── checksum │ ├── adler32 │ │ └── compute-adler32-checksum.yml │ ├── crc32 │ │ └── hash-data-with-crc32.yml │ └── luhn │ │ └── validate-payment-card-number-using-luhn-algorithm.yml ├── compression │ ├── compress-data-using-lzo.yml │ ├── compress-data-via-winapi.yml │ ├── compress-data-via-zlib-inflate-or-deflate.yml │ ├── create-cabinet-on-windows.yml │ ├── decompress-data-using-aplib.yml │ ├── decompress-data-using-lzo.yml │ ├── decompress-data-using-quicklz.yml │ ├── decompress-data-using-ucl.yml │ ├── decompress-data-via-iencodingfilterfactory.yml │ └── extract-cabinet-on-windows.yml ├── encoding │ ├── base64 │ │ ├── decode-data-using-base64-via-dword-translation-table.yml │ │ ├── decode-data-using-base64-via-winapi.yml │ │ ├── encode-data-using-base64-via-winapi.yml │ │ ├── encode-data-using-base64.yml │ │ └── reference-base64-string.yml │ ├── encode-data-using-add-xor-sub-operations.yml │ └── xor │ │ └── encode-data-using-xor.yml ├── encryption │ ├── aes │ │ ├── decrypt-data-using-aes-via-x86-extensions.yml │ │ ├── encrypt-data-using-aes-mixcolumns-step.yml │ │ ├── encrypt-data-using-aes-via-dotnet.yml │ │ ├── encrypt-data-using-aes-via-winapi.yml │ │ ├── manually-build-aes-constants.yml │ │ └── use-dotnet-library-encryptdecryptutils.yml │ ├── blowfish │ │ └── encrypt-data-using-blowfish.yml │ ├── camellia │ │ └── encrypt-data-using-camellia.yml │ ├── create-new-key-via-cryptacquirecontext.yml │ ├── des │ │ ├── encrypt-data-using-des-via-winapi.yml │ │ └── encrypt-data-using-des.yml │ ├── dpapi │ │ └── encrypt-data-using-dpapi.yml │ ├── elliptic-curve │ │ └── encrypt-data-using-curve25519.yml │ ├── encrypt-data-using-memfrob-from-glibc.yml │ ├── encrypt-or-decrypt-via-wincrypt.yml │ ├── get-outbound-credentials-handle-via-credssp.yml │ ├── hc-128 │ │ ├── encrypt-data-using-hc-128-via-wolfssl.yml │ │ └── encrypt-data-using-hc-128.yml │ ├── import-public-key.yml │ ├── rc4 │ │ ├── encrypt-data-using-rc4-ksa.yml │ │ ├── encrypt-data-using-rc4-prga.yml │ │ ├── encrypt-data-using-rc4-via-systemfunction032.yml │ │ ├── encrypt-data-using-rc4-via-winapi.yml │ │ └── encrypt-data-using-rc4-with-custom-key-via-winapi.yml │ ├── rc6 │ │ └── encrypt-data-using-rc6.yml │ ├── rsa │ │ └── reference-public-rsa-key.yml │ ├── skipjack │ │ └── encrypt-data-using-skipjack.yml │ ├── sosemanuk │ │ └── encrypt-data-using-sosemanuk.yml │ ├── tea │ │ ├── decrypt-data-using-tea.yml │ │ └── encrypt-data-using-tea.yml │ ├── twofish │ │ └── encrypt-data-using-twofish.yml │ ├── vest │ │ └── encrypt-data-using-vest.yml │ ├── xtea │ │ └── encrypt-data-using-xtea.yml │ └── xxtea │ │ └── encrypt-data-using-xxtea.yml ├── hashing │ ├── djb2 │ │ └── hash-data-using-djb2.yml │ ├── fnv │ │ └── hash-data-using-fnv.yml │ ├── hash-data-via-wincrypt.yml │ ├── md5 │ │ └── hash-data-with-md5.yml │ ├── murmur │ │ └── hash-data-using-murmur3.yml │ ├── sha1 │ │ └── hash-data-using-sha1.yml │ ├── sha224 │ │ └── hash-data-using-sha224.yml │ ├── sha256 │ │ └── hash-data-using-sha256.yml │ ├── sha384 │ │ └── hash-data-using-sha384.yml │ ├── sha512 │ │ └── hash-data-using-sha512.yml │ └── tiger │ │ └── hash-data-using-tiger.yml ├── hmac │ └── authenticate-hmac.yml ├── json │ └── use-dotnet-library-newtonsoftjson.yml ├── prng │ ├── generate-random-numbers-via-rtlgenrandom.yml │ ├── generate-random-numbers-via-winapi.yml │ └── mersenne │ │ └── generate-random-numbers-using-a-mersenne-twister.yml └── svg │ └── use-dotnet-library-sharpvectors.yml ├── doc └── format.md ├── executable ├── dotnet-singlefile │ ├── bundled-with-dotnet-single-file-deployment.yml │ └── packaged-as-single-file-dotnet-application.yml ├── installer │ ├── iexpress │ │ └── packaged-as-an-iexpress-self-extracting-archive.yml │ └── inno-setup │ │ └── packaged-as-an-inno-setup-installer.yml ├── pe │ ├── export │ │ └── forwarded-export.yml │ ├── pdb │ │ └── contains-pdb-path.yml │ └── section │ │ └── tls │ │ └── contain-a-thread-local-storage-tls-section.yml ├── resource │ ├── access-dotnet-resource.yml │ ├── embed-dependencies-as-resources-using-fodycostura.yml │ └── extract-resource-via-kernel32-functions.yml └── subfile │ └── pe │ └── contain-an-embedded-pe-file.yml ├── host-interaction ├── bootloader │ ├── disable-code-signing.yml │ ├── get-uefi-variable.yml │ ├── manipulate-boot-configuration.yml │ ├── manipulate-safe-mode-programs.yml │ └── set-uefi-variable.yml ├── cli │ ├── accept-command-line-arguments.yml │ └── resolve-path-using-msvcrt.yml ├── clipboard │ ├── open-clipboard.yml │ ├── read-clipboard-data.yml │ └── write-clipboard-data.yml ├── console │ └── manipulate-console-buffer.yml ├── driver │ ├── create-device-object.yml │ ├── disable-driver-code-integrity.yml │ ├── install-driver.yml │ ├── interact-with-driver-via-ioctl.yml │ └── unload-driver.yml ├── environment-variable │ ├── get-comspec-environment-variable.yml │ ├── query-environment-variable.yml │ └── set-environment-variable.yml ├── file-system │ ├── bypass-mark-of-the-web.yml │ ├── change-file-permission-on-linux.yml │ ├── copy │ │ └── copy-file.yml │ ├── create-virtual-file-system-in-dotnet.yml │ ├── create │ │ └── create-directory.yml │ ├── delete │ │ ├── delete-directory.yml │ │ └── delete-file.yml │ ├── exists │ │ └── check-if-file-exists.yml │ ├── files │ │ └── list │ │ │ ├── enumerate-files-on-linux.yml │ │ │ ├── enumerate-files-on-windows.yml │ │ │ └── enumerate-files-recursively.yml │ ├── get-common-file-path.yml │ ├── get-file-system-object-information.yml │ ├── get-program-files-directory.yml │ ├── get-windows-directory-from-kuser_shared_data.yml │ ├── meta │ │ ├── get-file-attributes.yml │ │ ├── get-file-size.yml │ │ ├── get-file-version-info.yml │ │ └── set-file-attributes.yml │ ├── move │ │ └── move-file.yml │ ├── read │ │ ├── read-file-on-linux.yml │ │ ├── read-file-on-windows.yml │ │ ├── read-file-via-mapping.yml │ │ ├── read-ini-file.yml │ │ └── read-virtual-disk.yml │ ├── reference-absolute-stream-path-on-windows.yml │ ├── windows-file-protection │ │ └── bypass-windows-file-protection.yml │ └── write │ │ ├── write-file-on-linux.yml │ │ └── write-file-on-windows.yml ├── filter │ ├── enumerate-minifilter-drivers.yml │ ├── register-minifilter-driver.yml │ └── start-minifilter-driver.yml ├── firewall │ └── modify │ │ └── access-firewall-settings-via-inetfwmgr.yml ├── gui │ ├── console │ │ └── set-console-window-title.yml │ ├── enumerate-gui-resources.yml │ ├── logon │ │ └── references-logon-banner.yml │ ├── session │ │ ├── lock │ │ │ └── lock-the-desktop.yml │ │ └── wallpaper │ │ │ └── change-the-wallpaper.yml │ ├── set-application-hook.yml │ ├── switch-active-desktop.yml │ ├── taskbar │ │ ├── find │ │ │ └── find-taskbar.yml │ │ └── hide │ │ │ └── hide-the-windows-taskbar.yml │ └── window │ │ ├── find │ │ └── find-graphical-window.yml │ │ ├── get-text │ │ └── get-graphical-window-text.yml │ │ └── hide │ │ └── hide-graphical-window.yml ├── hardware │ ├── cdrom │ │ └── manipulate-cd-rom-drive.yml │ ├── cpu │ │ ├── get-cpu-information.yml │ │ ├── get-number-of-processor-cores.yml │ │ └── get-number-of-processors.yml │ ├── enumerate-devices-by-category.yml │ ├── keyboard │ │ ├── get-keyboard-layout.yml │ │ └── simulate-ctrl-alt-del.yml │ ├── memory │ │ ├── get-memory-capacity.yml │ │ └── get-memory-information.yml │ ├── mouse │ │ └── swap-mouse-buttons.yml │ └── storage │ │ ├── enumerate-disk-properties.yml │ │ ├── get-disk-information.yml │ │ └── get-disk-size.yml ├── log │ ├── clfs │ │ └── read-data-from-clfs-log-container.yml │ ├── debug │ │ └── write-event │ │ │ └── print-debug-messages.yml │ └── winevt │ │ └── access │ │ └── access-the-windows-event-log.yml ├── memory │ └── create-new-application-domain-in-dotnet.yml ├── mutex │ ├── check-mutex-and-exit.yml │ ├── check-mutex.yml │ ├── create-mutex.yml │ ├── create-semaphore-on-linux.yml │ ├── lock-file.yml │ ├── lock-semaphore-on-linux.yml │ └── unlock-semaphore-on-linux.yml ├── network │ ├── address │ │ └── get-local-ipv4-addresses.yml │ ├── connectivity │ │ ├── check-internet-connectivity-via-wininet.yml │ │ └── set-tcp-connection-state.yml │ ├── domain │ │ ├── enumerate-domain-computers-via-ldap.yml │ │ ├── get-domain-controller-name.yml │ │ └── get-domain-information.yml │ ├── interface │ │ └── get-networking-interfaces.yml │ └── traffic │ │ ├── copy │ │ └── copy-network-traffic.yml │ │ └── filter │ │ └── register-network-filter-via-wfp-api.yml ├── os │ ├── hostname │ │ └── get-hostname.yml │ ├── info │ │ └── get-system-information-on-windows.yml │ ├── shutdown-system.yml │ └── version │ │ ├── check-os-version.yml │ │ ├── get-kernel-version.yml │ │ └── get-linux-distribution.yml ├── process │ ├── create │ │ ├── create-a-process-with-modified-io-handles-and-window.yml │ │ ├── create-process-on-linux.yml │ │ ├── create-process-on-windows.yml │ │ ├── create-process-suspended.yml │ │ └── execute-command.yml │ ├── dump │ │ └── create-process-memory-minidump.yml │ ├── get-process-heap-flags.yml │ ├── get-process-heap-force-flags.yml │ ├── inject │ │ ├── allocate-or-change-rwx-memory.yml │ │ ├── allocate-user-process-rwx-memory.yml │ │ ├── attach-user-process-memory.yml │ │ ├── free-user-process-memory.yml │ │ ├── hijack-thread-execution.yml │ │ ├── inject-apc.yml │ │ ├── inject-dll.yml │ │ ├── inject-pe.yml │ │ ├── inject-shellcode-using-a-file-mapping-object.yml │ │ ├── inject-shellcode-using-extra-window-memory.yml │ │ ├── inject-shellcode-using-window-subclass-procedure.yml │ │ ├── inject-thread.yml │ │ ├── process-ghostly-hollowing.yml │ │ ├── use-process-doppelgänging.yml │ │ └── use-process-replacement.yml │ ├── list │ │ ├── enumerate-processes-on-remote-desktop-session-host.yml │ │ ├── enumerate-processes-via-ntquerysysteminformation.yml │ │ ├── enumerate-processes.yml │ │ ├── find-process-by-pid.yml │ │ └── get-explorer-pid.yml │ ├── map-section-object.yml │ ├── modify │ │ ├── acquire-debug-privileges.yml │ │ └── modify-access-privileges.yml │ ├── modules │ │ └── list │ │ │ └── enumerate-process-modules.yml │ └── terminate │ │ ├── terminate-process-via-kill.yml │ │ └── terminate-process.yml ├── recycle-bin │ └── empty-recycle-bin-quietly.yml ├── registry │ ├── create-registry-key-via-offline-registry-library.yml │ ├── create │ │ └── set-registry-value.yml │ ├── delete │ │ ├── delete-registry-key.yml │ │ └── delete-registry-value.yml │ ├── open-registry-key-via-offline-registry-library.yml │ ├── query-or-enumerate-registry-key.yml │ ├── query-or-enumerate-registry-value.yml │ ├── query-registry-key-via-offline-registry-library.yml │ └── set-registry-key-via-offline-registry-library.yml ├── service │ ├── continue-service.yml │ ├── create │ │ └── create-service.yml │ ├── delete │ │ └── delete-service.yml │ ├── list │ │ └── enumerate-services.yml │ ├── modify │ │ └── modify-service.yml │ ├── pause-service.yml │ ├── query-service-configuration.yml │ ├── query-service-status.yml │ ├── run-as-service.yml │ ├── start │ │ └── start-service.yml │ └── stop │ │ └── stop-service.yml ├── session │ ├── get-current-user-on-linux.yml │ ├── get-logon-sessions.yml │ ├── get-session-integrity-level.yml │ ├── get-session-user-name.yml │ ├── get-token-membership.yml │ └── get-user-security-identifier.yml ├── software │ └── get-installed-programs.yml ├── thread │ ├── create │ │ └── create-thread.yml │ ├── list │ │ └── enumerate-threads.yml │ ├── resume │ │ └── resume-thread.yml │ ├── suspend │ │ └── suspend-thread.yml │ ├── terminate │ │ └── terminate-thread.yml │ └── tls │ │ ├── allocate-thread-local-storage.yml │ │ └── set-thread-local-storage-value.yml ├── uac │ └── bypass │ │ ├── bypass-uac-via-appinfo-alpc.yml │ │ ├── bypass-uac-via-icmluautil.yml │ │ ├── bypass-uac-via-rpc.yml │ │ └── bypass-uac-via-token-manipulation.yml └── wmi │ └── connect-to-wmi-namespace-via-wbemlocator.yml ├── impact ├── inhibit-system-recovery │ └── delete-volume-shadow-copies.yml └── wipe-disk │ ├── delete-drive-layout-via-ioctl.yml │ └── wipe-mbr │ └── overwrite-master-boot-record-mbr.yml ├── internal └── limitation │ └── file │ ├── README.md │ ├── internal-autohotkey-file-limitation.yml │ ├── internal-autoit-file-limitation.yml │ ├── internal-dotnet-single-file-deployment-limitation.yml │ ├── internal-installer-file-limitation.yml │ ├── internal-packer-file-limitation.yml │ └── internal-visual-basic-file-limitation.yml ├── lib ├── allocate-memory.yml ├── allocate-or-change-rw-memory.yml ├── calculate-modulo-256-via-x86-assembly.yml ├── change-memory-protection.yml ├── contain-loop.yml ├── contain-pusha-popa-sequence.yml ├── create-file-compression-interface-context-on-windows.yml ├── create-file-decompression-interface-context-on-windows.yml ├── create-or-open-file.yml ├── create-or-open-registry-key.yml ├── create-or-open-section-object.yml ├── delay-execution.yml ├── duplicate-stdin-and-stdout.yml ├── get-os-version.yml ├── get-service-handle.yml ├── open-process.yml ├── open-thread.yml ├── peb-access.yml ├── validate-payment-card-number-using-luhn-algorithm-with-lookup-table.yml ├── validate-payment-card-number-using-luhn-algorithm-with-no-lookup-table.yml └── write-process-memory.yml ├── linking ├── runtime-linking │ ├── access-peb-ldr_data.yml │ ├── get-kernel32-base-address.yml │ ├── get-ntdll-base-address.yml │ ├── link-function-at-runtime-on-windows.yml │ ├── link-many-functions-at-runtime.yml │ ├── resolve-function-by-brute-ratel-badger-hash.yml │ └── resolve-function-by-fin8-fasthash.yml └── static │ ├── aplib │ └── linked-against-aplib.yml │ ├── cryptopp │ └── linked-against-crypto.yml │ ├── libcurl │ └── linked-against-libcurl.yml │ ├── linked-against-cpp-standard-library.yml │ ├── msdetours │ └── linked-against-microsoft-detours.yml │ ├── openssl │ └── linked-against-openssl.yml │ ├── polarssl │ └── linked-against-polarsslmbed-tls.yml │ ├── sqlite3 │ ├── linked-against-cppsqlite3.yml │ └── linked-against-sqlite3.yml │ ├── wolfcrypt │ └── linked-against-wolfcrypt.yml │ ├── wolfssl │ └── linked-against-wolfssl.yml │ └── zlib │ └── linked-against-zlib.yml ├── load-code ├── dotnet │ └── load-windows-common-language-runtime.yml ├── execute-vbscript-javascript-or-jscript-in-memory.yml ├── pe │ ├── access-pe-header.yml │ ├── enumerate-pe-sections.yml │ ├── inject-dll-reflectively.yml │ ├── inspect-section-memory-permissions.yml │ ├── parse-pe-header.yml │ ├── rebuild-import-table.yml │ └── resolve-function-by-parsing-pe-exports.yml ├── powershell │ └── run-powershell-expression.yml └── shellcode │ ├── execute-shellcode-via-copyfile2.yml │ ├── execute-shellcode-via-createthreadpoolwait.yml │ ├── execute-shellcode-via-windows-callback-function.yml │ ├── execute-shellcode-via-windows-fibers.yml │ └── spawn-thread-to-rwx-shellcode.yml ├── malware-family └── plugx │ └── match-known-plugx-module.yml ├── nursery ├── access-camera-in-dotnet-on-android.yml ├── access-wmi-data-in-dotnet.yml ├── add-user-account-group.yml ├── add-user-account-to-group.yml ├── add-user-account.yml ├── add-value-to-global-atom-table.yml ├── allocate-unmanaged-memory-in-dotnet.yml ├── append-data-to-clfs-log-container.yml ├── authenticate-data-with-md5-mac.yml ├── build-docker-image.yml ├── bypass-uac-via-scheduled-task-environment-variable.yml ├── capture-microphone-audio-in-dotnet-on-android.yml ├── capture-network-configuration-via-ifconfig.yml ├── capture-process-snapshot-data.yml ├── capture-screenshot-in-dotnet-on-android.yml ├── capture-screenshot-in-go.yml ├── capture-webcam-video.yml ├── change-user-account-password.yml ├── check-clipboard-data.yml ├── check-file-extension-in-dotnet.yml ├── check-for-incoming-call-in-dotnet-on-android.yml ├── check-for-minimum-number-of-windows-on-screen.yml ├── check-for-outgoing-call-in-dotnet-on-android.yml ├── check-for-process-debug-object.yml ├── check-for-sandbox-via-mac-address-ouis-in-dotnet.yml ├── check-for-vm-using-instruction-vpcext.yml ├── check-for-windows-sandbox-via-mutex.yml ├── check-for-windows-sandbox-via-subdirectory.yml ├── check-if-directory-exists.yml ├── check-license-value.yml ├── check-processdebugflags.yml ├── check-systemkerneldebuggerinformation.yml ├── check-thread-yield-allowed.yml ├── clear-clipboard-data.yml ├── collect-ssh-keys.yml ├── communicate-with-kernel-module-via-netlink-socket-on-linux.yml ├── compare-security-identifiers.yml ├── compile-csharp-in-dotnet.yml ├── compile-dotnet-assembly.yml ├── compile-visual-basic-in-dotnet.yml ├── compiled-from-epl.yml ├── compiled-with-exescript.yml ├── compiled-with-xamarin.yml ├── compress-data-using-gzip-in-dotnet.yml ├── connect-network-resource.yml ├── contain-a-thread-local-storage-tls-section-in-dotnet.yml ├── covertly-decode-and-write-data-to-windows-directory-using-indirect-calls.yml ├── create-container.yml ├── create-process-via-wmi-in-dotnet.yml ├── create-registry-key-via-stdregprov.yml ├── create-restart-manager-session.yml ├── create-zip-archive-in-dotnet.yml ├── debug-build.yml ├── decode-data-using-base64-in-dotnet.yml ├── decode-data-using-url-encoding.yml ├── decrypt-data-using-rsa.yml ├── decrypt-data-via-sspi.yml ├── delete-internet-cache.yml ├── delete-registry-key-via-offline-registry-library.yml ├── delete-registry-key-via-stdregprov.yml ├── delete-registry-value-via-stdregprov.yml ├── delete-user-account-from-group.yml ├── delete-user-account-group.yml ├── delete-user-account.yml ├── delete-windows-backup-catalog.yml ├── deserialize-json-in-dotnet.yml ├── destroy-software-breakpoint-capability.yml ├── disable-automatic-windows-recovery-features.yml ├── display-service-notification-message-box.yml ├── empty-the-recycle-bin.yml ├── enable-safe-mode-boot.yml ├── encrypt-data-using-aes-via-x86-extensions.yml ├── encrypt-data-using-aes.yml ├── encrypt-data-using-fakem-cipher.yml ├── encrypt-data-using-openssl-dsa.yml ├── encrypt-data-using-openssl-ecdsa.yml ├── encrypt-data-using-openssl-rsa.yml ├── encrypt-data-using-rsa.yml ├── encrypt-data-using-salsa20-or-chacha.yml ├── encrypt-data-via-sspi.yml ├── encrypt-or-decrypt-data-via-bcrypt.yml ├── enumerate-browser-history.yml ├── enumerate-device-drivers-on-linux.yml ├── enumerate-device-drivers-on-windows.yml ├── enumerate-disk-volumes.yml ├── enumerate-drives.yml ├── enumerate-files-in-dotnet.yml ├── enumerate-internet-cache.yml ├── enumerate-network-shares.yml ├── enumerate-pe-sections-in-dotnet.yml ├── enumerate-processes-that-use-resource.yml ├── enumerate-processes-via-procfs.yml ├── enumerate-system-firmware-tables.yml ├── execute-dotnet-assembly.yml ├── execute-shell-command-via-windows-remote-management.yml ├── execute-shellcode-via-indirect-call.yml ├── execute-sqlite-statement-in-dotnet.yml ├── execute-syscall-instruction.yml ├── execute-via-asynchronous-task-in-dotnet.yml ├── execute-via-timer-in-dotnet.yml ├── extract-zip-archive-in-dotnet.yml ├── find-data-using-regex-in-dotnet.yml ├── find-process-by-name.yml ├── generate-method-via-reflection-in-dotnet.yml ├── generate-random-bytes-in-dotnet.yml ├── generate-random-filename-in-dotnet.yml ├── generate-random-numbers-in-dotnet.yml ├── generate-random-numbers-using-the-delphi-lcg.yml ├── get-client-handle-via-schannel.yml ├── get-current-pid-on-linux.yml ├── get-current-process-command-line.yml ├── get-current-process-file-path.yml ├── get-disk-information-via-ioctl.yml ├── get-file-system-information-on-linux.yml ├── get-http-request-uri.yml ├── get-inbound-credentials-handle-via-credssp.yml ├── get-mac-address-in-dotnet.yml ├── get-mac-address-on-linux.yml ├── get-networking-parameters.yml ├── get-ntoskrnl-base-address.yml ├── get-os-information-via-kuser_shared_data.yml ├── get-os-version-in-dotnet-on-android.yml ├── get-os-version-in-dotnet.yml ├── get-password-database-entry-on-linux.yml ├── get-process-image-filename.yml ├── get-proxy.yml ├── get-remote-cert-context-via-schannel.yml ├── get-routing-table.yml ├── get-session-information.yml ├── get-socket-information.yml ├── get-storage-device-properties.yml ├── get-system-firmware-table.yml ├── get-system-information-on-linux.yml ├── get-system-web-proxy.yml ├── get-thread-local-storage-value.yml ├── get-token-privileges.yml ├── get-volume-information-via-ioctl.yml ├── hash-data-using-aphash.yml ├── hash-data-using-crc32b.yml ├── hash-data-using-jshash.yml ├── hash-data-using-md4.yml ├── hash-data-using-murmur2.yml ├── hash-data-using-ripemd128.yml ├── hash-data-using-ripemd256.yml ├── hash-data-using-ripemd320.yml ├── hash-data-using-rshash.yml ├── hash-data-using-sha1-via-wincrypt.yml ├── hash-data-using-sha1-via-x86-extensions.yml ├── hash-data-using-sha256-via-x86-extensions.yml ├── hash-data-using-sha512managed-in-dotnet.yml ├── hash-data-using-whirlpool.yml ├── hash-data-via-bcrypt.yml ├── hook-routines-via-dlsym-rtld_next.yml ├── hook-routines-via-microsoft-detours.yml ├── hooked-by-api-override.yml ├── impersonate-user.yml ├── implement-com-dll.yml ├── initialize-hashing-via-wincrypt.yml ├── inspect-load-icon-resource.yml ├── interact-with-iptables.yml ├── invoke-dotnet-assembly-method.yml ├── link-function-at-runtime-on-linux.yml ├── linked-against-cpp-http-library.yml ├── linked-against-cpp-json-library.yml ├── linked-against-cpp-regex-library.yml ├── linked-against-go-process-enumeration-library.yml ├── linked-against-go-registry-library.yml ├── linked-against-go-static-asset-library.yml ├── linked-against-go-wmi-library.yml ├── linked-against-hp-socket.yml ├── linked-against-libsodium.yml ├── linked-against-xzip.yml ├── list-containers.yml ├── list-domain-servers.yml ├── list-drag-and-drop-files.yml ├── list-groups-for-user-account.yml ├── list-tcp-connections-and-listeners.yml ├── list-udp-connections-and-listeners.yml ├── list-user-account-groups.yml ├── list-user-accounts-for-group.yml ├── list-user-accounts.yml ├── listen-for-remote-procedure-calls.yml ├── load-dotnet-assembly.yml ├── load-xml-in-dotnet.yml ├── log-keystrokes-via-input-method-manager.yml ├── log-keystrokes-via-raw-input-data.yml ├── make-an-http-request-with-a-cookie.yml ├── manipulate-console-window.yml ├── manipulate-network-credentials-in-dotnet.yml ├── manipulate-unmanaged-memory-in-dotnet.yml ├── manipulate-user-privileges.yml ├── mark-thread-detached-on-linux.yml ├── migrate-process-to-active-window-station.yml ├── mixed-mode.yml ├── monitor-clipboard-content.yml ├── monitor-local-ipv4-address-changes.yml ├── move-directory.yml ├── obfuscated-with-koivm.yml ├── packaged-as-a-createinstall-installer.yml ├── packaged-as-a-nsis-installer.yml ├── packaged-as-a-pintool.yml ├── packaged-as-a-winzip-self-extracting-archive.yml ├── packaged-as-a-wise-installer.yml ├── packaged-as-an-installshield-installer.yml ├── packed-with-ccg.yml ├── packed-with-crunch.yml ├── packed-with-dragon-armor.yml ├── packed-with-enigma.yml ├── packed-with-epack.yml ├── packed-with-maskpe.yml ├── packed-with-mew.yml ├── packed-with-mpress.yml ├── packed-with-neolite.yml ├── packed-with-pepack.yml ├── packed-with-perplex.yml ├── packed-with-procrypt.yml ├── packed-with-rpcrypt.yml ├── packed-with-seausfx.yml ├── packed-with-shrinker.yml ├── packed-with-simple-pack.yml ├── packed-with-starforce.yml ├── packed-with-svkp.yml ├── packed-with-tsuloader.yml ├── packed-with-vprotect.yml ├── packed-with-wwpack.yml ├── parse-url.yml ├── persist-via-gnome-autostart-on-linux.yml ├── power-down-monitor.yml ├── prompt-user-for-credentials.yml ├── query-or-enumerate-registry-key-via-stdregprov.yml ├── query-or-enumerate-registry-value-via-stdregprov.yml ├── query-remote-server-for-available-data.yml ├── read-and-send-data-from-client-to-server.yml ├── read-process-memory.yml ├── read-raw-disk-data.yml ├── rebuilt-by-imprec.yml ├── receive-and-write-data-from-server-to-client.yml ├── reference-114dns-dns-server.yml ├── reference-aes-constants.yml ├── reference-alidns-dns-server.yml ├── reference-base58-string.yml ├── reference-cloudflare-dns-server.yml ├── reference-comodo-secure-dns-server.yml ├── reference-cryptocurrency-strings.yml ├── reference-google-public-dns-server.yml ├── reference-hurricane-electric-dns-server.yml ├── reference-kornet-dns-server.yml ├── reference-l3-dns-server.yml ├── reference-opendns-dns-server.yml ├── reference-processor-manufacturer-constants.yml ├── reference-quad9-dns-server.yml ├── reference-screen-saver-executable.yml ├── reference-startup-folder.yml ├── reference-the-vmware-io-port.yml ├── reference-verisign-dns-server.yml ├── register-http-server-url.yml ├── register-raw-input-devices.yml ├── resize-volume-shadow-copy-storage.yml ├── resolve-function-by-djb2-hash.yml ├── resolve-function-by-fnv-1a-hash.yml ├── resolve-function-by-hash.yml ├── run-in-container.yml ├── save-image-in-dotnet.yml ├── schedule-task-via-itaskservice.yml ├── search-for-credit-card-data.yml ├── send-data-to-internet.yml ├── send-email-in-dotnet.yml ├── send-http-request-with-host-header.yml ├── send-keystrokes.yml ├── send-request-in-dotnet.yml ├── send-sms-on-android.yml ├── serialize-json-in-dotnet.yml ├── set-current-directory.yml ├── set-global-application-hook.yml ├── set-http-cookie.yml ├── set-http-user-agent-in-dotnet.yml ├── set-registry-value-via-stdregprov.yml ├── set-thread-name-on-linux.yml ├── set-web-proxy-in-dotnet.yml ├── terminate-process-by-name-in-dotnet.yml ├── terminate-process-by-name.yml ├── unmanaged-call-via-dynamic-pinvoke-in-dotnet.yml ├── unmanaged-call.yml └── unmount-volume-via-ioctl.yml ├── persistence ├── act-as-dhcp-server-callout-dll.yml ├── act-as-dns-server-plugin-dll.yml ├── authentication-process │ ├── act-as-credential-manager-dll.yml │ ├── act-as-password-filter-dll.yml │ ├── act-as-security-support-provider-dll.yml │ └── act-as-subauthentication-package-dll.yml ├── create-shortcut-via-ishelllink.yml ├── exchange │ └── act-as-exchange-transport-agent.yml ├── iis │ ├── persist-via-iis-module.yml │ └── persist-via-isapi-extension.yml ├── office │ ├── act-as-excel-xll-add-in.yml │ ├── act-as-office-com-add-in.yml │ └── act-as-word-wll-add-in.yml ├── persist-via-desktop-autostart.yml ├── persist-via-shell-profile-or-rc-file.yml ├── registry │ ├── appinitdlls │ │ ├── disable-appinit_dlls-code-signature-enforcement.yml │ │ └── persist-via-appinit_dlls-registry-key.yml │ ├── ginadll │ │ └── persist-via-ginadll-registry-key.yml │ ├── persist-via-active-setup-registry-key.yml │ ├── run │ │ └── persist-via-run-registry-key.yml │ └── winlogon-helper │ │ └── persist-via-winlogon-helper-dll-registry-key.yml ├── scheduled-tasks │ ├── schedule-task-via-at.yml │ ├── schedule-task-via-itaskscheduler.yml │ └── schedule-task-via-schtasks.yml ├── service │ ├── persist-via-rc-script.yml │ └── persist-via-windows-service.yml └── startup-folder │ ├── get-startup-folder.yml │ └── write-file-to-startup-folder.yml ├── runtime └── dotnet │ ├── compiled-to-the-dotnet-platform.yml │ └── execute-via-dotnet-startup-hook.yml └── targeting ├── automated-teller-machine ├── diebold-nixdorf │ ├── load-diebold-nixdorf-atm-library.yml │ └── reference-diebold-atm-routines.yml ├── identify-atm-dispenser-service-provider.yml └── ncr │ ├── load-ncr-atm-library.yml │ └── reference-ncr-atm-library-routines.yml └── language └── identify-system-language-via-api.yml /.gitattributes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/.gitattributes -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/false_negative.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/.github/ISSUE_TEMPLATE/false_negative.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/false_positive.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/.github/ISSUE_TEMPLATE/false_positive.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/rule_idea.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/.github/ISSUE_TEMPLATE/rule_idea.md -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/.github/pull_request_template.md -------------------------------------------------------------------------------- /.github/scripts/changelog_author.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/.github/scripts/changelog_author.py -------------------------------------------------------------------------------- /.github/scripts/create_releases.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/.github/scripts/create_releases.py -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/.github/workflows/release.yml -------------------------------------------------------------------------------- /.github/workflows/sync.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/.github/workflows/sync.yml -------------------------------------------------------------------------------- /.github/workflows/tests.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/.github/workflows/tests.yml -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/LICENSE.txt -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/README.md -------------------------------------------------------------------------------- /anti-analysis/anti-av/check-for-sandbox-and-av-modules.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/anti-av/check-for-sandbox-and-av-modules.yml -------------------------------------------------------------------------------- /anti-analysis/anti-av/patch-antimalware-scan-interface-function.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/anti-av/patch-antimalware-scan-interface-function.yml -------------------------------------------------------------------------------- /anti-analysis/anti-av/patch-event-tracing-for-windows-function.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/anti-av/patch-event-tracing-for-windows-function.yml -------------------------------------------------------------------------------- /anti-analysis/anti-disasm/64-bit-execution-via-heavens-gate.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/anti-disasm/64-bit-execution-via-heavens-gate.yml -------------------------------------------------------------------------------- /anti-analysis/anti-disasm/contain-anti-disasm-techniques.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/anti-disasm/contain-anti-disasm-techniques.yml -------------------------------------------------------------------------------- /anti-analysis/anti-forensic/clear-logs/clear-windows-event-logs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/anti-forensic/clear-logs/clear-windows-event-logs.yml -------------------------------------------------------------------------------- /anti-analysis/anti-forensic/patch-process-command-line.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/anti-forensic/patch-process-command-line.yml -------------------------------------------------------------------------------- /anti-analysis/anti-forensic/self-deletion/self-delete.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/anti-forensic/self-deletion/self-delete.yml -------------------------------------------------------------------------------- /anti-analysis/anti-forensic/spoof-parent-pid.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/anti-forensic/spoof-parent-pid.yml -------------------------------------------------------------------------------- /anti-analysis/anti-forensic/timestomp/timestomp-file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/anti-forensic/timestomp/timestomp-file.yml -------------------------------------------------------------------------------- /anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings.yml -------------------------------------------------------------------------------- /anti-analysis/obfuscation/obfuscated-with-advobfuscator.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/obfuscation/obfuscated-with-advobfuscator.yml -------------------------------------------------------------------------------- /anti-analysis/obfuscation/obfuscated-with-babel-obfuscator.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/obfuscation/obfuscated-with-babel-obfuscator.yml -------------------------------------------------------------------------------- /anti-analysis/obfuscation/obfuscated-with-callobfuscator.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/obfuscation/obfuscated-with-callobfuscator.yml -------------------------------------------------------------------------------- /anti-analysis/obfuscation/obfuscated-with-deepsea-obfuscator.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/obfuscation/obfuscated-with-deepsea-obfuscator.yml -------------------------------------------------------------------------------- /anti-analysis/obfuscation/obfuscated-with-dotfuscator.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/obfuscation/obfuscated-with-dotfuscator.yml -------------------------------------------------------------------------------- /anti-analysis/obfuscation/obfuscated-with-smartassembly.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/obfuscation/obfuscated-with-smartassembly.yml -------------------------------------------------------------------------------- /anti-analysis/obfuscation/obfuscated-with-vs-obfuscation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/obfuscation/obfuscated-with-vs-obfuscation.yml -------------------------------------------------------------------------------- /anti-analysis/obfuscation/obfuscated-with-yano.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/obfuscation/obfuscated-with-yano.yml -------------------------------------------------------------------------------- /anti-analysis/packer/amber/packed-with-amber.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/amber/packed-with-amber.yml -------------------------------------------------------------------------------- /anti-analysis/packer/aspack/packed-with-aspack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/aspack/packed-with-aspack.yml -------------------------------------------------------------------------------- /anti-analysis/packer/confuser/packed-with-confuser.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/confuser/packed-with-confuser.yml -------------------------------------------------------------------------------- /anti-analysis/packer/generic/packed-with-generic-packer.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/generic/packed-with-generic-packer.yml -------------------------------------------------------------------------------- /anti-analysis/packer/gopacker/packed-with-gopacker.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/gopacker/packed-with-gopacker.yml -------------------------------------------------------------------------------- /anti-analysis/packer/huan/packed-with-huan.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/huan/packed-with-huan.yml -------------------------------------------------------------------------------- /anti-analysis/packer/kkrunchy/packed-with-kkrunchy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/kkrunchy/packed-with-kkrunchy.yml -------------------------------------------------------------------------------- /anti-analysis/packer/nspack/packed-with-nspack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/nspack/packed-with-nspack.yml -------------------------------------------------------------------------------- /anti-analysis/packer/pebundle/packed-with-pebundle.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/pebundle/packed-with-pebundle.yml -------------------------------------------------------------------------------- /anti-analysis/packer/pecompact/packed-with-pecompact.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/pecompact/packed-with-pecompact.yml -------------------------------------------------------------------------------- /anti-analysis/packer/pelocknt/packed-with-pelocknt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/pelocknt/packed-with-pelocknt.yml -------------------------------------------------------------------------------- /anti-analysis/packer/peshield/packed-with-peshield.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/peshield/packed-with-peshield.yml -------------------------------------------------------------------------------- /anti-analysis/packer/pespin/packed-with-pespin.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/pespin/packed-with-pespin.yml -------------------------------------------------------------------------------- /anti-analysis/packer/petite/packed-with-petite.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/petite/packed-with-petite.yml -------------------------------------------------------------------------------- /anti-analysis/packer/rlpack/packed-with-rlpack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/rlpack/packed-with-rlpack.yml -------------------------------------------------------------------------------- /anti-analysis/packer/themida/packed-with-themida.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/themida/packed-with-themida.yml -------------------------------------------------------------------------------- /anti-analysis/packer/upack/packed-with-upack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/upack/packed-with-upack.yml -------------------------------------------------------------------------------- /anti-analysis/packer/upx/packed-with-upx.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/upx/packed-with-upx.yml -------------------------------------------------------------------------------- /anti-analysis/packer/vmprotect/packed-with-vmprotect.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/vmprotect/packed-with-vmprotect.yml -------------------------------------------------------------------------------- /anti-analysis/packer/y0da/packed-with-y0da-crypter.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/packer/y0da/packed-with-y0da-crypter.yml -------------------------------------------------------------------------------- /anti-analysis/reference-analysis-tools-strings.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/anti-analysis/reference-analysis-tools-strings.yml -------------------------------------------------------------------------------- /collection/acquire-credentials-from-windows-credential-manager.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/acquire-credentials-from-windows-credential-manager.yml -------------------------------------------------------------------------------- /collection/browser/gather-firefox-profile-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/browser/gather-firefox-profile-information.yml -------------------------------------------------------------------------------- /collection/credit-card/parse-credit-card-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/credit-card/parse-credit-card-information.yml -------------------------------------------------------------------------------- /collection/database/sql/reference-sql-statements.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/database/sql/reference-sql-statements.yml -------------------------------------------------------------------------------- /collection/database/wmi/reference-wmi-statements.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/database/wmi/reference-wmi-statements.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-3d-ftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-3d-ftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-alftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-alftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-bitkinex-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-bitkinex-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-blazeftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-blazeftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-bulletproof-ftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-bulletproof-ftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-classicftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-classicftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-coreftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-coreftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-cuteftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-cuteftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-cyberduck-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-cyberduck-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-direct-ftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-direct-ftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-directory-opus-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-directory-opus-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-expandrive-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-expandrive-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-faststone-browser-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-faststone-browser-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-fasttrack-ftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-fasttrack-ftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-ffftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-ffftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-filezilla-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-filezilla-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-flashfxp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-flashfxp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-fling-ftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-fling-ftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-freshftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-freshftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-frigate3-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-frigate3-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-ftp-commander-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-ftp-commander-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-ftp-explorer-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-ftp-explorer-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-ftp-voyager-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-ftp-voyager-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-ftpgetter-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-ftpgetter-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-ftpinfo-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-ftpinfo-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-ftpnow-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-ftpnow-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-ftprush-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-ftprush-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-ftpshell-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-ftpshell-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-global-downloader-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-global-downloader-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-goftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-goftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-leapftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-leapftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-netdrive-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-netdrive-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-nexusfile-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-nexusfile-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-nova-ftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-nova-ftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-robo-ftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-robo-ftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-securefx-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-securefx-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-smart-ftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-smart-ftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-softx-ftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-softx-ftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-southriver-webdrive-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-southriver-webdrive-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-staff-ftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-staff-ftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-total-commander-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-total-commander-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-turbo-ftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-turbo-ftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-ultrafxp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-ultrafxp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-winscp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-winscp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-winzip-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-winzip-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-wise-ftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-wise-ftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-ws-ftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-ws-ftp-information.yml -------------------------------------------------------------------------------- /collection/file-managers/gather-xftp-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/file-managers/gather-xftp-information.yml -------------------------------------------------------------------------------- /collection/get-geographical-location.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/get-geographical-location.yml -------------------------------------------------------------------------------- /collection/group-policy/discover-group-policy-via-gpresult.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/group-policy/discover-group-policy-via-gpresult.yml -------------------------------------------------------------------------------- /collection/keylog/log-keystrokes-via-application-hook.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/keylog/log-keystrokes-via-application-hook.yml -------------------------------------------------------------------------------- /collection/keylog/log-keystrokes-via-polling.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/keylog/log-keystrokes-via-polling.yml -------------------------------------------------------------------------------- /collection/keylog/log-keystrokes.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/keylog/log-keystrokes.yml -------------------------------------------------------------------------------- /collection/microphone/capture-microphone-audio.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/microphone/capture-microphone-audio.yml -------------------------------------------------------------------------------- /collection/network/capture-network-configuration-via-ipconfig.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/network/capture-network-configuration-via-ipconfig.yml -------------------------------------------------------------------------------- /collection/network/capture-packets-using-sharppcap.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/network/capture-packets-using-sharppcap.yml -------------------------------------------------------------------------------- /collection/network/capture-public-ip.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/network/capture-public-ip.yml -------------------------------------------------------------------------------- /collection/network/get-domain-trust-relationships.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/network/get-domain-trust-relationships.yml -------------------------------------------------------------------------------- /collection/network/get-mac-address-on-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/network/get-mac-address-on-windows.yml -------------------------------------------------------------------------------- /collection/screenshot/capture-screenshot-via-keybd-event.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/screenshot/capture-screenshot-via-keybd-event.yml -------------------------------------------------------------------------------- /collection/screenshot/capture-screenshot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/screenshot/capture-screenshot.yml -------------------------------------------------------------------------------- /collection/use-dotnet-library-sharpclipboard.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/use-dotnet-library-sharpclipboard.yml -------------------------------------------------------------------------------- /collection/webcam/capture-webcam-image.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/collection/webcam/capture-webcam-image.yml -------------------------------------------------------------------------------- /communication/c2/file-transfer/download-and-write-a-file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/c2/file-transfer/download-and-write-a-file.yml -------------------------------------------------------------------------------- /communication/c2/file-transfer/write-and-execute-a-file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/c2/file-transfer/write-and-execute-a-file.yml -------------------------------------------------------------------------------- /communication/c2/shell/create-reverse-shell-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/c2/shell/create-reverse-shell-on-linux.yml -------------------------------------------------------------------------------- /communication/c2/shell/create-reverse-shell.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/c2/shell/create-reverse-shell.yml -------------------------------------------------------------------------------- /communication/c2/shell/execute-shell-command-and-capture-output.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/c2/shell/execute-shell-command-and-capture-output.yml -------------------------------------------------------------------------------- /communication/dns/reference-dns-over-https-endpoints.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/dns/reference-dns-over-https-endpoints.yml -------------------------------------------------------------------------------- /communication/dns/resolve-dns.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/dns/resolve-dns.yml -------------------------------------------------------------------------------- /communication/ftp/send/send-file-using-ftp.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/ftp/send/send-file-using-ftp.yml -------------------------------------------------------------------------------- /communication/http/client/check-http-status-code.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/client/check-http-status-code.yml -------------------------------------------------------------------------------- /communication/http/client/connect-to-http-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/client/connect-to-http-server.yml -------------------------------------------------------------------------------- /communication/http/client/connect-to-url.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/client/connect-to-url.yml -------------------------------------------------------------------------------- /communication/http/client/create-bits-job.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/client/create-bits-job.yml -------------------------------------------------------------------------------- /communication/http/client/create-http-request.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/client/create-http-request.yml -------------------------------------------------------------------------------- /communication/http/client/download-url.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/client/download-url.yml -------------------------------------------------------------------------------- /communication/http/client/extract-http-body.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/client/extract-http-body.yml -------------------------------------------------------------------------------- /communication/http/client/get-http-document-via-iwebbrowser2.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/client/get-http-document-via-iwebbrowser2.yml -------------------------------------------------------------------------------- /communication/http/client/get-http-response-content-encoding.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/client/get-http-response-content-encoding.yml -------------------------------------------------------------------------------- /communication/http/client/prepare-http-request.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/client/prepare-http-request.yml -------------------------------------------------------------------------------- /communication/http/client/read-data-from-internet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/client/read-data-from-internet.yml -------------------------------------------------------------------------------- /communication/http/client/receive-http-response.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/client/receive-http-response.yml -------------------------------------------------------------------------------- /communication/http/client/send-file-via-http.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/client/send-file-via-http.yml -------------------------------------------------------------------------------- /communication/http/client/send-http-request.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/client/send-http-request.yml -------------------------------------------------------------------------------- /communication/http/get-http-content-length.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/get-http-content-length.yml -------------------------------------------------------------------------------- /communication/http/initialize-iwebbrowser2.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/initialize-iwebbrowser2.yml -------------------------------------------------------------------------------- /communication/http/initialize-winhttp-library.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/initialize-winhttp-library.yml -------------------------------------------------------------------------------- /communication/http/read-http-header.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/read-http-header.yml -------------------------------------------------------------------------------- /communication/http/reference-http-user-agent-string.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/reference-http-user-agent-string.yml -------------------------------------------------------------------------------- /communication/http/server/receive-http-request.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/server/receive-http-request.yml -------------------------------------------------------------------------------- /communication/http/server/send-http-response.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/server/send-http-response.yml -------------------------------------------------------------------------------- /communication/http/server/start-http-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/server/start-http-server.yml -------------------------------------------------------------------------------- /communication/http/set-http-header.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/http/set-http-header.yml -------------------------------------------------------------------------------- /communication/icmp/send-icmp-echo-request.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/icmp/send-icmp-echo-request.yml -------------------------------------------------------------------------------- /communication/ip/convert-ip-address-from-string.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/ip/convert-ip-address-from-string.yml -------------------------------------------------------------------------------- /communication/mailslot/create-mailslot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/mailslot/create-mailslot.yml -------------------------------------------------------------------------------- /communication/mailslot/read-from-mailslot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/mailslot/read-from-mailslot.yml -------------------------------------------------------------------------------- /communication/named-pipe/connect/connect-pipe.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/named-pipe/connect/connect-pipe.yml -------------------------------------------------------------------------------- /communication/named-pipe/create/create-pipe.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/named-pipe/create/create-pipe.yml -------------------------------------------------------------------------------- /communication/named-pipe/create/create-two-anonymous-pipes.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/named-pipe/create/create-two-anonymous-pipes.yml -------------------------------------------------------------------------------- /communication/named-pipe/read/read-pipe.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/named-pipe/read/read-pipe.yml -------------------------------------------------------------------------------- /communication/named-pipe/write/write-pipe.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/named-pipe/write/write-pipe.yml -------------------------------------------------------------------------------- /communication/receive-data.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/receive-data.yml -------------------------------------------------------------------------------- /communication/send-data.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/send-data.yml -------------------------------------------------------------------------------- /communication/socket/create-raw-socket.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/socket/create-raw-socket.yml -------------------------------------------------------------------------------- /communication/socket/create-vmci-socket.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/socket/create-vmci-socket.yml -------------------------------------------------------------------------------- /communication/socket/get-socket-status.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/socket/get-socket-status.yml -------------------------------------------------------------------------------- /communication/socket/initialize-winsock-library.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/socket/initialize-winsock-library.yml -------------------------------------------------------------------------------- /communication/socket/receive/receive-data-on-socket.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/socket/receive/receive-data-on-socket.yml -------------------------------------------------------------------------------- /communication/socket/send/send-data-on-socket.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/socket/send/send-data-on-socket.yml -------------------------------------------------------------------------------- /communication/socket/set-socket-configuration.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/socket/set-socket-configuration.yml -------------------------------------------------------------------------------- /communication/socket/tcp/connect-tcp-socket.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/socket/tcp/connect-tcp-socket.yml -------------------------------------------------------------------------------- /communication/socket/tcp/create-tcp-socket-via-raw-afd-driver.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/socket/tcp/create-tcp-socket-via-raw-afd-driver.yml -------------------------------------------------------------------------------- /communication/socket/tcp/create-tcp-socket.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/socket/tcp/create-tcp-socket.yml -------------------------------------------------------------------------------- /communication/socket/tcp/send/send-tcp-data-via-wfp-api.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/socket/tcp/send/send-tcp-data-via-wfp-api.yml -------------------------------------------------------------------------------- /communication/socket/udp/send/create-udp-socket.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/socket/udp/send/create-udp-socket.yml -------------------------------------------------------------------------------- /communication/tcp/client/act-as-tcp-client.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/tcp/client/act-as-tcp-client.yml -------------------------------------------------------------------------------- /communication/tcp/serve/start-tcp-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/communication/tcp/serve/start-tcp-server.yml -------------------------------------------------------------------------------- /compiler/autohotkey/compiled-with-autohotkey.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/autohotkey/compiled-with-autohotkey.yml -------------------------------------------------------------------------------- /compiler/autoit/compiled-with-autoit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/autoit/compiled-with-autoit.yml -------------------------------------------------------------------------------- /compiler/cx_freeze/compiled-with-cx_freeze.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/cx_freeze/compiled-with-cx_freeze.yml -------------------------------------------------------------------------------- /compiler/d/compiled-with-dmd.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/d/compiled-with-dmd.yml -------------------------------------------------------------------------------- /compiler/delphi/compiled-with-borland-delphi.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/delphi/compiled-with-borland-delphi.yml -------------------------------------------------------------------------------- /compiler/exe4j/compiled-with-exe4j.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/exe4j/compiled-with-exe4j.yml -------------------------------------------------------------------------------- /compiler/go/compiled-with-go.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/go/compiled-with-go.yml -------------------------------------------------------------------------------- /compiler/mingw/compiled-with-mingw-for-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/mingw/compiled-with-mingw-for-windows.yml -------------------------------------------------------------------------------- /compiler/nim/compiled-with-nim.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/nim/compiled-with-nim.yml -------------------------------------------------------------------------------- /compiler/nuitka/compiled-with-nuitka.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/nuitka/compiled-with-nuitka.yml -------------------------------------------------------------------------------- /compiler/perl2exe/compiled-with-perl2exe.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/perl2exe/compiled-with-perl2exe.yml -------------------------------------------------------------------------------- /compiler/ps2exe/compiled-with-ps2exe.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/ps2exe/compiled-with-ps2exe.yml -------------------------------------------------------------------------------- /compiler/py2exe/compiled-with-py2exe.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/py2exe/compiled-with-py2exe.yml -------------------------------------------------------------------------------- /compiler/pyarmor/compiled-with-pyarmor.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/pyarmor/compiled-with-pyarmor.yml -------------------------------------------------------------------------------- /compiler/rust/compiled-with-rust.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/rust/compiled-with-rust.yml -------------------------------------------------------------------------------- /compiler/v/compiled-with-v.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/v/compiled-with-v.yml -------------------------------------------------------------------------------- /compiler/vb/compiled-from-visual-basic.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/vb/compiled-from-visual-basic.yml -------------------------------------------------------------------------------- /compiler/zig/compiled-with-zig.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/compiler/zig/compiled-with-zig.yml -------------------------------------------------------------------------------- /data-manipulation/checksum/adler32/compute-adler32-checksum.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/checksum/adler32/compute-adler32-checksum.yml -------------------------------------------------------------------------------- /data-manipulation/checksum/crc32/hash-data-with-crc32.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/checksum/crc32/hash-data-with-crc32.yml -------------------------------------------------------------------------------- /data-manipulation/compression/compress-data-using-lzo.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/compression/compress-data-using-lzo.yml -------------------------------------------------------------------------------- /data-manipulation/compression/compress-data-via-winapi.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/compression/compress-data-via-winapi.yml -------------------------------------------------------------------------------- /data-manipulation/compression/create-cabinet-on-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/compression/create-cabinet-on-windows.yml -------------------------------------------------------------------------------- /data-manipulation/compression/decompress-data-using-aplib.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/compression/decompress-data-using-aplib.yml -------------------------------------------------------------------------------- /data-manipulation/compression/decompress-data-using-lzo.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/compression/decompress-data-using-lzo.yml -------------------------------------------------------------------------------- /data-manipulation/compression/decompress-data-using-quicklz.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/compression/decompress-data-using-quicklz.yml -------------------------------------------------------------------------------- /data-manipulation/compression/decompress-data-using-ucl.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/compression/decompress-data-using-ucl.yml -------------------------------------------------------------------------------- /data-manipulation/compression/extract-cabinet-on-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/compression/extract-cabinet-on-windows.yml -------------------------------------------------------------------------------- /data-manipulation/encoding/base64/encode-data-using-base64.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encoding/base64/encode-data-using-base64.yml -------------------------------------------------------------------------------- /data-manipulation/encoding/base64/reference-base64-string.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encoding/base64/reference-base64-string.yml -------------------------------------------------------------------------------- /data-manipulation/encoding/xor/encode-data-using-xor.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encoding/xor/encode-data-using-xor.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/aes/manually-build-aes-constants.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/aes/manually-build-aes-constants.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/des/encrypt-data-using-des.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/des/encrypt-data-using-des.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/dpapi/encrypt-data-using-dpapi.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/dpapi/encrypt-data-using-dpapi.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/encrypt-or-decrypt-via-wincrypt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/encrypt-or-decrypt-via-wincrypt.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/hc-128/encrypt-data-using-hc-128.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/hc-128/encrypt-data-using-hc-128.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/import-public-key.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/import-public-key.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/rc4/encrypt-data-using-rc4-ksa.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/rc4/encrypt-data-using-rc4-ksa.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/rc4/encrypt-data-using-rc4-prga.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/rc4/encrypt-data-using-rc4-prga.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/rc6/encrypt-data-using-rc6.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/rc6/encrypt-data-using-rc6.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/rsa/reference-public-rsa-key.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/rsa/reference-public-rsa-key.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/tea/decrypt-data-using-tea.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/tea/decrypt-data-using-tea.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/tea/encrypt-data-using-tea.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/tea/encrypt-data-using-tea.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/twofish/encrypt-data-using-twofish.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/twofish/encrypt-data-using-twofish.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/vest/encrypt-data-using-vest.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/vest/encrypt-data-using-vest.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/xtea/encrypt-data-using-xtea.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/xtea/encrypt-data-using-xtea.yml -------------------------------------------------------------------------------- /data-manipulation/encryption/xxtea/encrypt-data-using-xxtea.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/encryption/xxtea/encrypt-data-using-xxtea.yml -------------------------------------------------------------------------------- /data-manipulation/hashing/djb2/hash-data-using-djb2.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/hashing/djb2/hash-data-using-djb2.yml -------------------------------------------------------------------------------- /data-manipulation/hashing/fnv/hash-data-using-fnv.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/hashing/fnv/hash-data-using-fnv.yml -------------------------------------------------------------------------------- /data-manipulation/hashing/hash-data-via-wincrypt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/hashing/hash-data-via-wincrypt.yml -------------------------------------------------------------------------------- /data-manipulation/hashing/md5/hash-data-with-md5.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/hashing/md5/hash-data-with-md5.yml -------------------------------------------------------------------------------- /data-manipulation/hashing/murmur/hash-data-using-murmur3.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/hashing/murmur/hash-data-using-murmur3.yml -------------------------------------------------------------------------------- /data-manipulation/hashing/sha1/hash-data-using-sha1.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/hashing/sha1/hash-data-using-sha1.yml -------------------------------------------------------------------------------- /data-manipulation/hashing/sha224/hash-data-using-sha224.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/hashing/sha224/hash-data-using-sha224.yml -------------------------------------------------------------------------------- /data-manipulation/hashing/sha256/hash-data-using-sha256.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/hashing/sha256/hash-data-using-sha256.yml -------------------------------------------------------------------------------- /data-manipulation/hashing/sha384/hash-data-using-sha384.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/hashing/sha384/hash-data-using-sha384.yml -------------------------------------------------------------------------------- /data-manipulation/hashing/sha512/hash-data-using-sha512.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/hashing/sha512/hash-data-using-sha512.yml -------------------------------------------------------------------------------- /data-manipulation/hashing/tiger/hash-data-using-tiger.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/hashing/tiger/hash-data-using-tiger.yml -------------------------------------------------------------------------------- /data-manipulation/hmac/authenticate-hmac.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/hmac/authenticate-hmac.yml -------------------------------------------------------------------------------- /data-manipulation/json/use-dotnet-library-newtonsoftjson.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/json/use-dotnet-library-newtonsoftjson.yml -------------------------------------------------------------------------------- /data-manipulation/prng/generate-random-numbers-via-rtlgenrandom.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/prng/generate-random-numbers-via-rtlgenrandom.yml -------------------------------------------------------------------------------- /data-manipulation/prng/generate-random-numbers-via-winapi.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/prng/generate-random-numbers-via-winapi.yml -------------------------------------------------------------------------------- /data-manipulation/svg/use-dotnet-library-sharpvectors.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/data-manipulation/svg/use-dotnet-library-sharpvectors.yml -------------------------------------------------------------------------------- /doc/format.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/doc/format.md -------------------------------------------------------------------------------- /executable/pe/export/forwarded-export.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/executable/pe/export/forwarded-export.yml -------------------------------------------------------------------------------- /executable/pe/pdb/contains-pdb-path.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/executable/pe/pdb/contains-pdb-path.yml -------------------------------------------------------------------------------- /executable/resource/access-dotnet-resource.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/executable/resource/access-dotnet-resource.yml -------------------------------------------------------------------------------- /executable/resource/extract-resource-via-kernel32-functions.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/executable/resource/extract-resource-via-kernel32-functions.yml -------------------------------------------------------------------------------- /executable/subfile/pe/contain-an-embedded-pe-file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/executable/subfile/pe/contain-an-embedded-pe-file.yml -------------------------------------------------------------------------------- /host-interaction/bootloader/disable-code-signing.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/bootloader/disable-code-signing.yml -------------------------------------------------------------------------------- /host-interaction/bootloader/get-uefi-variable.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/bootloader/get-uefi-variable.yml -------------------------------------------------------------------------------- /host-interaction/bootloader/manipulate-boot-configuration.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/bootloader/manipulate-boot-configuration.yml -------------------------------------------------------------------------------- /host-interaction/bootloader/manipulate-safe-mode-programs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/bootloader/manipulate-safe-mode-programs.yml -------------------------------------------------------------------------------- /host-interaction/bootloader/set-uefi-variable.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/bootloader/set-uefi-variable.yml -------------------------------------------------------------------------------- /host-interaction/cli/accept-command-line-arguments.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/cli/accept-command-line-arguments.yml -------------------------------------------------------------------------------- /host-interaction/cli/resolve-path-using-msvcrt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/cli/resolve-path-using-msvcrt.yml -------------------------------------------------------------------------------- /host-interaction/clipboard/open-clipboard.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/clipboard/open-clipboard.yml -------------------------------------------------------------------------------- /host-interaction/clipboard/read-clipboard-data.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/clipboard/read-clipboard-data.yml -------------------------------------------------------------------------------- /host-interaction/clipboard/write-clipboard-data.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/clipboard/write-clipboard-data.yml -------------------------------------------------------------------------------- /host-interaction/console/manipulate-console-buffer.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/console/manipulate-console-buffer.yml -------------------------------------------------------------------------------- /host-interaction/driver/create-device-object.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/driver/create-device-object.yml -------------------------------------------------------------------------------- /host-interaction/driver/disable-driver-code-integrity.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/driver/disable-driver-code-integrity.yml -------------------------------------------------------------------------------- /host-interaction/driver/install-driver.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/driver/install-driver.yml -------------------------------------------------------------------------------- /host-interaction/driver/interact-with-driver-via-ioctl.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/driver/interact-with-driver-via-ioctl.yml -------------------------------------------------------------------------------- /host-interaction/driver/unload-driver.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/driver/unload-driver.yml -------------------------------------------------------------------------------- /host-interaction/environment-variable/set-environment-variable.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/environment-variable/set-environment-variable.yml -------------------------------------------------------------------------------- /host-interaction/file-system/bypass-mark-of-the-web.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/bypass-mark-of-the-web.yml -------------------------------------------------------------------------------- /host-interaction/file-system/change-file-permission-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/change-file-permission-on-linux.yml -------------------------------------------------------------------------------- /host-interaction/file-system/copy/copy-file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/copy/copy-file.yml -------------------------------------------------------------------------------- /host-interaction/file-system/create/create-directory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/create/create-directory.yml -------------------------------------------------------------------------------- /host-interaction/file-system/delete/delete-directory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/delete/delete-directory.yml -------------------------------------------------------------------------------- /host-interaction/file-system/delete/delete-file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/delete/delete-file.yml -------------------------------------------------------------------------------- /host-interaction/file-system/exists/check-if-file-exists.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/exists/check-if-file-exists.yml -------------------------------------------------------------------------------- /host-interaction/file-system/get-common-file-path.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/get-common-file-path.yml -------------------------------------------------------------------------------- /host-interaction/file-system/get-file-system-object-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/get-file-system-object-information.yml -------------------------------------------------------------------------------- /host-interaction/file-system/get-program-files-directory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/get-program-files-directory.yml -------------------------------------------------------------------------------- /host-interaction/file-system/meta/get-file-attributes.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/meta/get-file-attributes.yml -------------------------------------------------------------------------------- /host-interaction/file-system/meta/get-file-size.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/meta/get-file-size.yml -------------------------------------------------------------------------------- /host-interaction/file-system/meta/get-file-version-info.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/meta/get-file-version-info.yml -------------------------------------------------------------------------------- /host-interaction/file-system/meta/set-file-attributes.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/meta/set-file-attributes.yml -------------------------------------------------------------------------------- /host-interaction/file-system/move/move-file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/move/move-file.yml -------------------------------------------------------------------------------- /host-interaction/file-system/read/read-file-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/read/read-file-on-linux.yml -------------------------------------------------------------------------------- /host-interaction/file-system/read/read-file-on-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/read/read-file-on-windows.yml -------------------------------------------------------------------------------- /host-interaction/file-system/read/read-file-via-mapping.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/read/read-file-via-mapping.yml -------------------------------------------------------------------------------- /host-interaction/file-system/read/read-ini-file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/read/read-ini-file.yml -------------------------------------------------------------------------------- /host-interaction/file-system/read/read-virtual-disk.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/read/read-virtual-disk.yml -------------------------------------------------------------------------------- /host-interaction/file-system/write/write-file-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/write/write-file-on-linux.yml -------------------------------------------------------------------------------- /host-interaction/file-system/write/write-file-on-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/file-system/write/write-file-on-windows.yml -------------------------------------------------------------------------------- /host-interaction/filter/enumerate-minifilter-drivers.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/filter/enumerate-minifilter-drivers.yml -------------------------------------------------------------------------------- /host-interaction/filter/register-minifilter-driver.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/filter/register-minifilter-driver.yml -------------------------------------------------------------------------------- /host-interaction/filter/start-minifilter-driver.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/filter/start-minifilter-driver.yml -------------------------------------------------------------------------------- /host-interaction/gui/console/set-console-window-title.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/gui/console/set-console-window-title.yml -------------------------------------------------------------------------------- /host-interaction/gui/enumerate-gui-resources.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/gui/enumerate-gui-resources.yml -------------------------------------------------------------------------------- /host-interaction/gui/logon/references-logon-banner.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/gui/logon/references-logon-banner.yml -------------------------------------------------------------------------------- /host-interaction/gui/session/lock/lock-the-desktop.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/gui/session/lock/lock-the-desktop.yml -------------------------------------------------------------------------------- /host-interaction/gui/session/wallpaper/change-the-wallpaper.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/gui/session/wallpaper/change-the-wallpaper.yml -------------------------------------------------------------------------------- /host-interaction/gui/set-application-hook.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/gui/set-application-hook.yml -------------------------------------------------------------------------------- /host-interaction/gui/switch-active-desktop.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/gui/switch-active-desktop.yml -------------------------------------------------------------------------------- /host-interaction/gui/taskbar/find/find-taskbar.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/gui/taskbar/find/find-taskbar.yml -------------------------------------------------------------------------------- /host-interaction/gui/taskbar/hide/hide-the-windows-taskbar.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/gui/taskbar/hide/hide-the-windows-taskbar.yml -------------------------------------------------------------------------------- /host-interaction/gui/window/find/find-graphical-window.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/gui/window/find/find-graphical-window.yml -------------------------------------------------------------------------------- /host-interaction/gui/window/get-text/get-graphical-window-text.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/gui/window/get-text/get-graphical-window-text.yml -------------------------------------------------------------------------------- /host-interaction/gui/window/hide/hide-graphical-window.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/gui/window/hide/hide-graphical-window.yml -------------------------------------------------------------------------------- /host-interaction/hardware/cdrom/manipulate-cd-rom-drive.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/hardware/cdrom/manipulate-cd-rom-drive.yml -------------------------------------------------------------------------------- /host-interaction/hardware/cpu/get-cpu-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/hardware/cpu/get-cpu-information.yml -------------------------------------------------------------------------------- /host-interaction/hardware/cpu/get-number-of-processor-cores.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/hardware/cpu/get-number-of-processor-cores.yml -------------------------------------------------------------------------------- /host-interaction/hardware/cpu/get-number-of-processors.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/hardware/cpu/get-number-of-processors.yml -------------------------------------------------------------------------------- /host-interaction/hardware/enumerate-devices-by-category.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/hardware/enumerate-devices-by-category.yml -------------------------------------------------------------------------------- /host-interaction/hardware/keyboard/get-keyboard-layout.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/hardware/keyboard/get-keyboard-layout.yml -------------------------------------------------------------------------------- /host-interaction/hardware/keyboard/simulate-ctrl-alt-del.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/hardware/keyboard/simulate-ctrl-alt-del.yml -------------------------------------------------------------------------------- /host-interaction/hardware/memory/get-memory-capacity.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/hardware/memory/get-memory-capacity.yml -------------------------------------------------------------------------------- /host-interaction/hardware/memory/get-memory-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/hardware/memory/get-memory-information.yml -------------------------------------------------------------------------------- /host-interaction/hardware/mouse/swap-mouse-buttons.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/hardware/mouse/swap-mouse-buttons.yml -------------------------------------------------------------------------------- /host-interaction/hardware/storage/enumerate-disk-properties.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/hardware/storage/enumerate-disk-properties.yml -------------------------------------------------------------------------------- /host-interaction/hardware/storage/get-disk-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/hardware/storage/get-disk-information.yml -------------------------------------------------------------------------------- /host-interaction/hardware/storage/get-disk-size.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/hardware/storage/get-disk-size.yml -------------------------------------------------------------------------------- /host-interaction/log/clfs/read-data-from-clfs-log-container.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/log/clfs/read-data-from-clfs-log-container.yml -------------------------------------------------------------------------------- /host-interaction/log/debug/write-event/print-debug-messages.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/log/debug/write-event/print-debug-messages.yml -------------------------------------------------------------------------------- /host-interaction/log/winevt/access/access-the-windows-event-log.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/log/winevt/access/access-the-windows-event-log.yml -------------------------------------------------------------------------------- /host-interaction/memory/create-new-application-domain-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/memory/create-new-application-domain-in-dotnet.yml -------------------------------------------------------------------------------- /host-interaction/mutex/check-mutex-and-exit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/mutex/check-mutex-and-exit.yml -------------------------------------------------------------------------------- /host-interaction/mutex/check-mutex.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/mutex/check-mutex.yml -------------------------------------------------------------------------------- /host-interaction/mutex/create-mutex.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/mutex/create-mutex.yml -------------------------------------------------------------------------------- /host-interaction/mutex/create-semaphore-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/mutex/create-semaphore-on-linux.yml -------------------------------------------------------------------------------- /host-interaction/mutex/lock-file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/mutex/lock-file.yml -------------------------------------------------------------------------------- /host-interaction/mutex/lock-semaphore-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/mutex/lock-semaphore-on-linux.yml -------------------------------------------------------------------------------- /host-interaction/mutex/unlock-semaphore-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/mutex/unlock-semaphore-on-linux.yml -------------------------------------------------------------------------------- /host-interaction/network/address/get-local-ipv4-addresses.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/network/address/get-local-ipv4-addresses.yml -------------------------------------------------------------------------------- /host-interaction/network/connectivity/set-tcp-connection-state.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/network/connectivity/set-tcp-connection-state.yml -------------------------------------------------------------------------------- /host-interaction/network/domain/get-domain-controller-name.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/network/domain/get-domain-controller-name.yml -------------------------------------------------------------------------------- /host-interaction/network/domain/get-domain-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/network/domain/get-domain-information.yml -------------------------------------------------------------------------------- /host-interaction/network/interface/get-networking-interfaces.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/network/interface/get-networking-interfaces.yml -------------------------------------------------------------------------------- /host-interaction/network/traffic/copy/copy-network-traffic.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/network/traffic/copy/copy-network-traffic.yml -------------------------------------------------------------------------------- /host-interaction/os/hostname/get-hostname.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/os/hostname/get-hostname.yml -------------------------------------------------------------------------------- /host-interaction/os/info/get-system-information-on-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/os/info/get-system-information-on-windows.yml -------------------------------------------------------------------------------- /host-interaction/os/shutdown-system.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/os/shutdown-system.yml -------------------------------------------------------------------------------- /host-interaction/os/version/check-os-version.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/os/version/check-os-version.yml -------------------------------------------------------------------------------- /host-interaction/os/version/get-kernel-version.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/os/version/get-kernel-version.yml -------------------------------------------------------------------------------- /host-interaction/os/version/get-linux-distribution.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/os/version/get-linux-distribution.yml -------------------------------------------------------------------------------- /host-interaction/process/create/create-process-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/create/create-process-on-linux.yml -------------------------------------------------------------------------------- /host-interaction/process/create/create-process-on-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/create/create-process-on-windows.yml -------------------------------------------------------------------------------- /host-interaction/process/create/create-process-suspended.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/create/create-process-suspended.yml -------------------------------------------------------------------------------- /host-interaction/process/create/execute-command.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/create/execute-command.yml -------------------------------------------------------------------------------- /host-interaction/process/dump/create-process-memory-minidump.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/dump/create-process-memory-minidump.yml -------------------------------------------------------------------------------- /host-interaction/process/get-process-heap-flags.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/get-process-heap-flags.yml -------------------------------------------------------------------------------- /host-interaction/process/get-process-heap-force-flags.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/get-process-heap-force-flags.yml -------------------------------------------------------------------------------- /host-interaction/process/inject/allocate-or-change-rwx-memory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/inject/allocate-or-change-rwx-memory.yml -------------------------------------------------------------------------------- /host-interaction/process/inject/attach-user-process-memory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/inject/attach-user-process-memory.yml -------------------------------------------------------------------------------- /host-interaction/process/inject/free-user-process-memory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/inject/free-user-process-memory.yml -------------------------------------------------------------------------------- /host-interaction/process/inject/hijack-thread-execution.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/inject/hijack-thread-execution.yml -------------------------------------------------------------------------------- /host-interaction/process/inject/inject-apc.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/inject/inject-apc.yml -------------------------------------------------------------------------------- /host-interaction/process/inject/inject-dll.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/inject/inject-dll.yml -------------------------------------------------------------------------------- /host-interaction/process/inject/inject-pe.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/inject/inject-pe.yml -------------------------------------------------------------------------------- /host-interaction/process/inject/inject-thread.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/inject/inject-thread.yml -------------------------------------------------------------------------------- /host-interaction/process/inject/process-ghostly-hollowing.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/inject/process-ghostly-hollowing.yml -------------------------------------------------------------------------------- /host-interaction/process/inject/use-process-doppelgänging.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/inject/use-process-doppelgänging.yml -------------------------------------------------------------------------------- /host-interaction/process/inject/use-process-replacement.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/inject/use-process-replacement.yml -------------------------------------------------------------------------------- /host-interaction/process/list/enumerate-processes.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/list/enumerate-processes.yml -------------------------------------------------------------------------------- /host-interaction/process/list/find-process-by-pid.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/list/find-process-by-pid.yml -------------------------------------------------------------------------------- /host-interaction/process/list/get-explorer-pid.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/list/get-explorer-pid.yml -------------------------------------------------------------------------------- /host-interaction/process/map-section-object.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/map-section-object.yml -------------------------------------------------------------------------------- /host-interaction/process/modify/acquire-debug-privileges.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/modify/acquire-debug-privileges.yml -------------------------------------------------------------------------------- /host-interaction/process/modify/modify-access-privileges.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/modify/modify-access-privileges.yml -------------------------------------------------------------------------------- /host-interaction/process/modules/list/enumerate-process-modules.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/modules/list/enumerate-process-modules.yml -------------------------------------------------------------------------------- /host-interaction/process/terminate/terminate-process-via-kill.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/terminate/terminate-process-via-kill.yml -------------------------------------------------------------------------------- /host-interaction/process/terminate/terminate-process.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/process/terminate/terminate-process.yml -------------------------------------------------------------------------------- /host-interaction/recycle-bin/empty-recycle-bin-quietly.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/recycle-bin/empty-recycle-bin-quietly.yml -------------------------------------------------------------------------------- /host-interaction/registry/create/set-registry-value.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/registry/create/set-registry-value.yml -------------------------------------------------------------------------------- /host-interaction/registry/delete/delete-registry-key.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/registry/delete/delete-registry-key.yml -------------------------------------------------------------------------------- /host-interaction/registry/delete/delete-registry-value.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/registry/delete/delete-registry-value.yml -------------------------------------------------------------------------------- /host-interaction/registry/query-or-enumerate-registry-key.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/registry/query-or-enumerate-registry-key.yml -------------------------------------------------------------------------------- /host-interaction/registry/query-or-enumerate-registry-value.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/registry/query-or-enumerate-registry-value.yml -------------------------------------------------------------------------------- /host-interaction/service/continue-service.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/service/continue-service.yml -------------------------------------------------------------------------------- /host-interaction/service/create/create-service.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/service/create/create-service.yml -------------------------------------------------------------------------------- /host-interaction/service/delete/delete-service.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/service/delete/delete-service.yml -------------------------------------------------------------------------------- /host-interaction/service/list/enumerate-services.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/service/list/enumerate-services.yml -------------------------------------------------------------------------------- /host-interaction/service/modify/modify-service.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/service/modify/modify-service.yml -------------------------------------------------------------------------------- /host-interaction/service/pause-service.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/service/pause-service.yml -------------------------------------------------------------------------------- /host-interaction/service/query-service-configuration.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/service/query-service-configuration.yml -------------------------------------------------------------------------------- /host-interaction/service/query-service-status.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/service/query-service-status.yml -------------------------------------------------------------------------------- /host-interaction/service/run-as-service.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/service/run-as-service.yml -------------------------------------------------------------------------------- /host-interaction/service/start/start-service.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/service/start/start-service.yml -------------------------------------------------------------------------------- /host-interaction/service/stop/stop-service.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/service/stop/stop-service.yml -------------------------------------------------------------------------------- /host-interaction/session/get-current-user-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/session/get-current-user-on-linux.yml -------------------------------------------------------------------------------- /host-interaction/session/get-logon-sessions.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/session/get-logon-sessions.yml -------------------------------------------------------------------------------- /host-interaction/session/get-session-integrity-level.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/session/get-session-integrity-level.yml -------------------------------------------------------------------------------- /host-interaction/session/get-session-user-name.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/session/get-session-user-name.yml -------------------------------------------------------------------------------- /host-interaction/session/get-token-membership.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/session/get-token-membership.yml -------------------------------------------------------------------------------- /host-interaction/session/get-user-security-identifier.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/session/get-user-security-identifier.yml -------------------------------------------------------------------------------- /host-interaction/software/get-installed-programs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/software/get-installed-programs.yml -------------------------------------------------------------------------------- /host-interaction/thread/create/create-thread.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/thread/create/create-thread.yml -------------------------------------------------------------------------------- /host-interaction/thread/list/enumerate-threads.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/thread/list/enumerate-threads.yml -------------------------------------------------------------------------------- /host-interaction/thread/resume/resume-thread.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/thread/resume/resume-thread.yml -------------------------------------------------------------------------------- /host-interaction/thread/suspend/suspend-thread.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/thread/suspend/suspend-thread.yml -------------------------------------------------------------------------------- /host-interaction/thread/terminate/terminate-thread.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/thread/terminate/terminate-thread.yml -------------------------------------------------------------------------------- /host-interaction/thread/tls/allocate-thread-local-storage.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/thread/tls/allocate-thread-local-storage.yml -------------------------------------------------------------------------------- /host-interaction/thread/tls/set-thread-local-storage-value.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/thread/tls/set-thread-local-storage-value.yml -------------------------------------------------------------------------------- /host-interaction/uac/bypass/bypass-uac-via-appinfo-alpc.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/uac/bypass/bypass-uac-via-appinfo-alpc.yml -------------------------------------------------------------------------------- /host-interaction/uac/bypass/bypass-uac-via-icmluautil.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/uac/bypass/bypass-uac-via-icmluautil.yml -------------------------------------------------------------------------------- /host-interaction/uac/bypass/bypass-uac-via-rpc.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/uac/bypass/bypass-uac-via-rpc.yml -------------------------------------------------------------------------------- /host-interaction/uac/bypass/bypass-uac-via-token-manipulation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/host-interaction/uac/bypass/bypass-uac-via-token-manipulation.yml -------------------------------------------------------------------------------- /impact/inhibit-system-recovery/delete-volume-shadow-copies.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/impact/inhibit-system-recovery/delete-volume-shadow-copies.yml -------------------------------------------------------------------------------- /impact/wipe-disk/delete-drive-layout-via-ioctl.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/impact/wipe-disk/delete-drive-layout-via-ioctl.yml -------------------------------------------------------------------------------- /impact/wipe-disk/wipe-mbr/overwrite-master-boot-record-mbr.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/impact/wipe-disk/wipe-mbr/overwrite-master-boot-record-mbr.yml -------------------------------------------------------------------------------- /internal/limitation/file/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/internal/limitation/file/README.md -------------------------------------------------------------------------------- /internal/limitation/file/internal-autohotkey-file-limitation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/internal/limitation/file/internal-autohotkey-file-limitation.yml -------------------------------------------------------------------------------- /internal/limitation/file/internal-autoit-file-limitation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/internal/limitation/file/internal-autoit-file-limitation.yml -------------------------------------------------------------------------------- /internal/limitation/file/internal-installer-file-limitation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/internal/limitation/file/internal-installer-file-limitation.yml -------------------------------------------------------------------------------- /internal/limitation/file/internal-packer-file-limitation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/internal/limitation/file/internal-packer-file-limitation.yml -------------------------------------------------------------------------------- /lib/allocate-memory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/allocate-memory.yml -------------------------------------------------------------------------------- /lib/allocate-or-change-rw-memory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/allocate-or-change-rw-memory.yml -------------------------------------------------------------------------------- /lib/calculate-modulo-256-via-x86-assembly.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/calculate-modulo-256-via-x86-assembly.yml -------------------------------------------------------------------------------- /lib/change-memory-protection.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/change-memory-protection.yml -------------------------------------------------------------------------------- /lib/contain-loop.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/contain-loop.yml -------------------------------------------------------------------------------- /lib/contain-pusha-popa-sequence.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/contain-pusha-popa-sequence.yml -------------------------------------------------------------------------------- /lib/create-file-compression-interface-context-on-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/create-file-compression-interface-context-on-windows.yml -------------------------------------------------------------------------------- /lib/create-file-decompression-interface-context-on-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/create-file-decompression-interface-context-on-windows.yml -------------------------------------------------------------------------------- /lib/create-or-open-file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/create-or-open-file.yml -------------------------------------------------------------------------------- /lib/create-or-open-registry-key.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/create-or-open-registry-key.yml -------------------------------------------------------------------------------- /lib/create-or-open-section-object.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/create-or-open-section-object.yml -------------------------------------------------------------------------------- /lib/delay-execution.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/delay-execution.yml -------------------------------------------------------------------------------- /lib/duplicate-stdin-and-stdout.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/duplicate-stdin-and-stdout.yml -------------------------------------------------------------------------------- /lib/get-os-version.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/get-os-version.yml -------------------------------------------------------------------------------- /lib/get-service-handle.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/get-service-handle.yml -------------------------------------------------------------------------------- /lib/open-process.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/open-process.yml -------------------------------------------------------------------------------- /lib/open-thread.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/open-thread.yml -------------------------------------------------------------------------------- /lib/peb-access.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/peb-access.yml -------------------------------------------------------------------------------- /lib/write-process-memory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/lib/write-process-memory.yml -------------------------------------------------------------------------------- /linking/runtime-linking/access-peb-ldr_data.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/runtime-linking/access-peb-ldr_data.yml -------------------------------------------------------------------------------- /linking/runtime-linking/get-kernel32-base-address.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/runtime-linking/get-kernel32-base-address.yml -------------------------------------------------------------------------------- /linking/runtime-linking/get-ntdll-base-address.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/runtime-linking/get-ntdll-base-address.yml -------------------------------------------------------------------------------- /linking/runtime-linking/link-function-at-runtime-on-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/runtime-linking/link-function-at-runtime-on-windows.yml -------------------------------------------------------------------------------- /linking/runtime-linking/link-many-functions-at-runtime.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/runtime-linking/link-many-functions-at-runtime.yml -------------------------------------------------------------------------------- /linking/runtime-linking/resolve-function-by-fin8-fasthash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/runtime-linking/resolve-function-by-fin8-fasthash.yml -------------------------------------------------------------------------------- /linking/static/aplib/linked-against-aplib.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/static/aplib/linked-against-aplib.yml -------------------------------------------------------------------------------- /linking/static/cryptopp/linked-against-crypto.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/static/cryptopp/linked-against-crypto.yml -------------------------------------------------------------------------------- /linking/static/libcurl/linked-against-libcurl.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/static/libcurl/linked-against-libcurl.yml -------------------------------------------------------------------------------- /linking/static/linked-against-cpp-standard-library.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/static/linked-against-cpp-standard-library.yml -------------------------------------------------------------------------------- /linking/static/msdetours/linked-against-microsoft-detours.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/static/msdetours/linked-against-microsoft-detours.yml -------------------------------------------------------------------------------- /linking/static/openssl/linked-against-openssl.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/static/openssl/linked-against-openssl.yml -------------------------------------------------------------------------------- /linking/static/polarssl/linked-against-polarsslmbed-tls.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/static/polarssl/linked-against-polarsslmbed-tls.yml -------------------------------------------------------------------------------- /linking/static/sqlite3/linked-against-cppsqlite3.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/static/sqlite3/linked-against-cppsqlite3.yml -------------------------------------------------------------------------------- /linking/static/sqlite3/linked-against-sqlite3.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/static/sqlite3/linked-against-sqlite3.yml -------------------------------------------------------------------------------- /linking/static/wolfcrypt/linked-against-wolfcrypt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/static/wolfcrypt/linked-against-wolfcrypt.yml -------------------------------------------------------------------------------- /linking/static/wolfssl/linked-against-wolfssl.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/static/wolfssl/linked-against-wolfssl.yml -------------------------------------------------------------------------------- /linking/static/zlib/linked-against-zlib.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/linking/static/zlib/linked-against-zlib.yml -------------------------------------------------------------------------------- /load-code/dotnet/load-windows-common-language-runtime.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/load-code/dotnet/load-windows-common-language-runtime.yml -------------------------------------------------------------------------------- /load-code/execute-vbscript-javascript-or-jscript-in-memory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/load-code/execute-vbscript-javascript-or-jscript-in-memory.yml -------------------------------------------------------------------------------- /load-code/pe/access-pe-header.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/load-code/pe/access-pe-header.yml -------------------------------------------------------------------------------- /load-code/pe/enumerate-pe-sections.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/load-code/pe/enumerate-pe-sections.yml -------------------------------------------------------------------------------- /load-code/pe/inject-dll-reflectively.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/load-code/pe/inject-dll-reflectively.yml -------------------------------------------------------------------------------- /load-code/pe/inspect-section-memory-permissions.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/load-code/pe/inspect-section-memory-permissions.yml -------------------------------------------------------------------------------- /load-code/pe/parse-pe-header.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/load-code/pe/parse-pe-header.yml -------------------------------------------------------------------------------- /load-code/pe/rebuild-import-table.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/load-code/pe/rebuild-import-table.yml -------------------------------------------------------------------------------- /load-code/pe/resolve-function-by-parsing-pe-exports.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/load-code/pe/resolve-function-by-parsing-pe-exports.yml -------------------------------------------------------------------------------- /load-code/powershell/run-powershell-expression.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/load-code/powershell/run-powershell-expression.yml -------------------------------------------------------------------------------- /load-code/shellcode/execute-shellcode-via-copyfile2.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/load-code/shellcode/execute-shellcode-via-copyfile2.yml -------------------------------------------------------------------------------- /load-code/shellcode/execute-shellcode-via-windows-fibers.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/load-code/shellcode/execute-shellcode-via-windows-fibers.yml -------------------------------------------------------------------------------- /load-code/shellcode/spawn-thread-to-rwx-shellcode.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/load-code/shellcode/spawn-thread-to-rwx-shellcode.yml -------------------------------------------------------------------------------- /malware-family/plugx/match-known-plugx-module.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/malware-family/plugx/match-known-plugx-module.yml -------------------------------------------------------------------------------- /nursery/access-camera-in-dotnet-on-android.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/access-camera-in-dotnet-on-android.yml -------------------------------------------------------------------------------- /nursery/access-wmi-data-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/access-wmi-data-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/add-user-account-group.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/add-user-account-group.yml -------------------------------------------------------------------------------- /nursery/add-user-account-to-group.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/add-user-account-to-group.yml -------------------------------------------------------------------------------- /nursery/add-user-account.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/add-user-account.yml -------------------------------------------------------------------------------- /nursery/add-value-to-global-atom-table.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/add-value-to-global-atom-table.yml -------------------------------------------------------------------------------- /nursery/allocate-unmanaged-memory-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/allocate-unmanaged-memory-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/append-data-to-clfs-log-container.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/append-data-to-clfs-log-container.yml -------------------------------------------------------------------------------- /nursery/authenticate-data-with-md5-mac.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/authenticate-data-with-md5-mac.yml -------------------------------------------------------------------------------- /nursery/build-docker-image.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/build-docker-image.yml -------------------------------------------------------------------------------- /nursery/bypass-uac-via-scheduled-task-environment-variable.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/bypass-uac-via-scheduled-task-environment-variable.yml -------------------------------------------------------------------------------- /nursery/capture-microphone-audio-in-dotnet-on-android.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/capture-microphone-audio-in-dotnet-on-android.yml -------------------------------------------------------------------------------- /nursery/capture-network-configuration-via-ifconfig.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/capture-network-configuration-via-ifconfig.yml -------------------------------------------------------------------------------- /nursery/capture-process-snapshot-data.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/capture-process-snapshot-data.yml -------------------------------------------------------------------------------- /nursery/capture-screenshot-in-dotnet-on-android.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/capture-screenshot-in-dotnet-on-android.yml -------------------------------------------------------------------------------- /nursery/capture-screenshot-in-go.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/capture-screenshot-in-go.yml -------------------------------------------------------------------------------- /nursery/capture-webcam-video.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/capture-webcam-video.yml -------------------------------------------------------------------------------- /nursery/change-user-account-password.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/change-user-account-password.yml -------------------------------------------------------------------------------- /nursery/check-clipboard-data.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-clipboard-data.yml -------------------------------------------------------------------------------- /nursery/check-file-extension-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-file-extension-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/check-for-incoming-call-in-dotnet-on-android.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-for-incoming-call-in-dotnet-on-android.yml -------------------------------------------------------------------------------- /nursery/check-for-minimum-number-of-windows-on-screen.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-for-minimum-number-of-windows-on-screen.yml -------------------------------------------------------------------------------- /nursery/check-for-outgoing-call-in-dotnet-on-android.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-for-outgoing-call-in-dotnet-on-android.yml -------------------------------------------------------------------------------- /nursery/check-for-process-debug-object.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-for-process-debug-object.yml -------------------------------------------------------------------------------- /nursery/check-for-sandbox-via-mac-address-ouis-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-for-sandbox-via-mac-address-ouis-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/check-for-vm-using-instruction-vpcext.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-for-vm-using-instruction-vpcext.yml -------------------------------------------------------------------------------- /nursery/check-for-windows-sandbox-via-mutex.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-for-windows-sandbox-via-mutex.yml -------------------------------------------------------------------------------- /nursery/check-for-windows-sandbox-via-subdirectory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-for-windows-sandbox-via-subdirectory.yml -------------------------------------------------------------------------------- /nursery/check-if-directory-exists.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-if-directory-exists.yml -------------------------------------------------------------------------------- /nursery/check-license-value.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-license-value.yml -------------------------------------------------------------------------------- /nursery/check-processdebugflags.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-processdebugflags.yml -------------------------------------------------------------------------------- /nursery/check-systemkerneldebuggerinformation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-systemkerneldebuggerinformation.yml -------------------------------------------------------------------------------- /nursery/check-thread-yield-allowed.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/check-thread-yield-allowed.yml -------------------------------------------------------------------------------- /nursery/clear-clipboard-data.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/clear-clipboard-data.yml -------------------------------------------------------------------------------- /nursery/collect-ssh-keys.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/collect-ssh-keys.yml -------------------------------------------------------------------------------- /nursery/compare-security-identifiers.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/compare-security-identifiers.yml -------------------------------------------------------------------------------- /nursery/compile-csharp-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/compile-csharp-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/compile-dotnet-assembly.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/compile-dotnet-assembly.yml -------------------------------------------------------------------------------- /nursery/compile-visual-basic-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/compile-visual-basic-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/compiled-from-epl.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/compiled-from-epl.yml -------------------------------------------------------------------------------- /nursery/compiled-with-exescript.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/compiled-with-exescript.yml -------------------------------------------------------------------------------- /nursery/compiled-with-xamarin.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/compiled-with-xamarin.yml -------------------------------------------------------------------------------- /nursery/compress-data-using-gzip-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/compress-data-using-gzip-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/connect-network-resource.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/connect-network-resource.yml -------------------------------------------------------------------------------- /nursery/contain-a-thread-local-storage-tls-section-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/contain-a-thread-local-storage-tls-section-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/create-container.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/create-container.yml -------------------------------------------------------------------------------- /nursery/create-process-via-wmi-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/create-process-via-wmi-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/create-registry-key-via-stdregprov.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/create-registry-key-via-stdregprov.yml -------------------------------------------------------------------------------- /nursery/create-restart-manager-session.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/create-restart-manager-session.yml -------------------------------------------------------------------------------- /nursery/create-zip-archive-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/create-zip-archive-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/debug-build.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/debug-build.yml -------------------------------------------------------------------------------- /nursery/decode-data-using-base64-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/decode-data-using-base64-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/decode-data-using-url-encoding.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/decode-data-using-url-encoding.yml -------------------------------------------------------------------------------- /nursery/decrypt-data-using-rsa.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/decrypt-data-using-rsa.yml -------------------------------------------------------------------------------- /nursery/decrypt-data-via-sspi.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/decrypt-data-via-sspi.yml -------------------------------------------------------------------------------- /nursery/delete-internet-cache.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/delete-internet-cache.yml -------------------------------------------------------------------------------- /nursery/delete-registry-key-via-offline-registry-library.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/delete-registry-key-via-offline-registry-library.yml -------------------------------------------------------------------------------- /nursery/delete-registry-key-via-stdregprov.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/delete-registry-key-via-stdregprov.yml -------------------------------------------------------------------------------- /nursery/delete-registry-value-via-stdregprov.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/delete-registry-value-via-stdregprov.yml -------------------------------------------------------------------------------- /nursery/delete-user-account-from-group.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/delete-user-account-from-group.yml -------------------------------------------------------------------------------- /nursery/delete-user-account-group.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/delete-user-account-group.yml -------------------------------------------------------------------------------- /nursery/delete-user-account.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/delete-user-account.yml -------------------------------------------------------------------------------- /nursery/delete-windows-backup-catalog.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/delete-windows-backup-catalog.yml -------------------------------------------------------------------------------- /nursery/deserialize-json-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/deserialize-json-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/destroy-software-breakpoint-capability.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/destroy-software-breakpoint-capability.yml -------------------------------------------------------------------------------- /nursery/disable-automatic-windows-recovery-features.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/disable-automatic-windows-recovery-features.yml -------------------------------------------------------------------------------- /nursery/display-service-notification-message-box.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/display-service-notification-message-box.yml -------------------------------------------------------------------------------- /nursery/empty-the-recycle-bin.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/empty-the-recycle-bin.yml -------------------------------------------------------------------------------- /nursery/enable-safe-mode-boot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/enable-safe-mode-boot.yml -------------------------------------------------------------------------------- /nursery/encrypt-data-using-aes-via-x86-extensions.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/encrypt-data-using-aes-via-x86-extensions.yml -------------------------------------------------------------------------------- /nursery/encrypt-data-using-aes.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/encrypt-data-using-aes.yml -------------------------------------------------------------------------------- /nursery/encrypt-data-using-fakem-cipher.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/encrypt-data-using-fakem-cipher.yml -------------------------------------------------------------------------------- /nursery/encrypt-data-using-openssl-dsa.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/encrypt-data-using-openssl-dsa.yml -------------------------------------------------------------------------------- /nursery/encrypt-data-using-openssl-ecdsa.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/encrypt-data-using-openssl-ecdsa.yml -------------------------------------------------------------------------------- /nursery/encrypt-data-using-openssl-rsa.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/encrypt-data-using-openssl-rsa.yml -------------------------------------------------------------------------------- /nursery/encrypt-data-using-rsa.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/encrypt-data-using-rsa.yml -------------------------------------------------------------------------------- /nursery/encrypt-data-using-salsa20-or-chacha.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/encrypt-data-using-salsa20-or-chacha.yml -------------------------------------------------------------------------------- /nursery/encrypt-data-via-sspi.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/encrypt-data-via-sspi.yml -------------------------------------------------------------------------------- /nursery/encrypt-or-decrypt-data-via-bcrypt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/encrypt-or-decrypt-data-via-bcrypt.yml -------------------------------------------------------------------------------- /nursery/enumerate-browser-history.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/enumerate-browser-history.yml -------------------------------------------------------------------------------- /nursery/enumerate-device-drivers-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/enumerate-device-drivers-on-linux.yml -------------------------------------------------------------------------------- /nursery/enumerate-device-drivers-on-windows.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/enumerate-device-drivers-on-windows.yml -------------------------------------------------------------------------------- /nursery/enumerate-disk-volumes.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/enumerate-disk-volumes.yml -------------------------------------------------------------------------------- /nursery/enumerate-drives.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/enumerate-drives.yml -------------------------------------------------------------------------------- /nursery/enumerate-files-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/enumerate-files-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/enumerate-internet-cache.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/enumerate-internet-cache.yml -------------------------------------------------------------------------------- /nursery/enumerate-network-shares.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/enumerate-network-shares.yml -------------------------------------------------------------------------------- /nursery/enumerate-pe-sections-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/enumerate-pe-sections-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/enumerate-processes-that-use-resource.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/enumerate-processes-that-use-resource.yml -------------------------------------------------------------------------------- /nursery/enumerate-processes-via-procfs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/enumerate-processes-via-procfs.yml -------------------------------------------------------------------------------- /nursery/enumerate-system-firmware-tables.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/enumerate-system-firmware-tables.yml -------------------------------------------------------------------------------- /nursery/execute-dotnet-assembly.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/execute-dotnet-assembly.yml -------------------------------------------------------------------------------- /nursery/execute-shell-command-via-windows-remote-management.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/execute-shell-command-via-windows-remote-management.yml -------------------------------------------------------------------------------- /nursery/execute-shellcode-via-indirect-call.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/execute-shellcode-via-indirect-call.yml -------------------------------------------------------------------------------- /nursery/execute-sqlite-statement-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/execute-sqlite-statement-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/execute-syscall-instruction.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/execute-syscall-instruction.yml -------------------------------------------------------------------------------- /nursery/execute-via-asynchronous-task-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/execute-via-asynchronous-task-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/execute-via-timer-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/execute-via-timer-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/extract-zip-archive-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/extract-zip-archive-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/find-data-using-regex-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/find-data-using-regex-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/find-process-by-name.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/find-process-by-name.yml -------------------------------------------------------------------------------- /nursery/generate-method-via-reflection-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/generate-method-via-reflection-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/generate-random-bytes-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/generate-random-bytes-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/generate-random-filename-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/generate-random-filename-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/generate-random-numbers-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/generate-random-numbers-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/generate-random-numbers-using-the-delphi-lcg.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/generate-random-numbers-using-the-delphi-lcg.yml -------------------------------------------------------------------------------- /nursery/get-client-handle-via-schannel.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-client-handle-via-schannel.yml -------------------------------------------------------------------------------- /nursery/get-current-pid-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-current-pid-on-linux.yml -------------------------------------------------------------------------------- /nursery/get-current-process-command-line.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-current-process-command-line.yml -------------------------------------------------------------------------------- /nursery/get-current-process-file-path.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-current-process-file-path.yml -------------------------------------------------------------------------------- /nursery/get-disk-information-via-ioctl.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-disk-information-via-ioctl.yml -------------------------------------------------------------------------------- /nursery/get-file-system-information-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-file-system-information-on-linux.yml -------------------------------------------------------------------------------- /nursery/get-http-request-uri.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-http-request-uri.yml -------------------------------------------------------------------------------- /nursery/get-inbound-credentials-handle-via-credssp.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-inbound-credentials-handle-via-credssp.yml -------------------------------------------------------------------------------- /nursery/get-mac-address-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-mac-address-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/get-mac-address-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-mac-address-on-linux.yml -------------------------------------------------------------------------------- /nursery/get-networking-parameters.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-networking-parameters.yml -------------------------------------------------------------------------------- /nursery/get-ntoskrnl-base-address.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-ntoskrnl-base-address.yml -------------------------------------------------------------------------------- /nursery/get-os-information-via-kuser_shared_data.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-os-information-via-kuser_shared_data.yml -------------------------------------------------------------------------------- /nursery/get-os-version-in-dotnet-on-android.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-os-version-in-dotnet-on-android.yml -------------------------------------------------------------------------------- /nursery/get-os-version-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-os-version-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/get-password-database-entry-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-password-database-entry-on-linux.yml -------------------------------------------------------------------------------- /nursery/get-process-image-filename.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-process-image-filename.yml -------------------------------------------------------------------------------- /nursery/get-proxy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-proxy.yml -------------------------------------------------------------------------------- /nursery/get-remote-cert-context-via-schannel.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-remote-cert-context-via-schannel.yml -------------------------------------------------------------------------------- /nursery/get-routing-table.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-routing-table.yml -------------------------------------------------------------------------------- /nursery/get-session-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-session-information.yml -------------------------------------------------------------------------------- /nursery/get-socket-information.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-socket-information.yml -------------------------------------------------------------------------------- /nursery/get-storage-device-properties.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-storage-device-properties.yml -------------------------------------------------------------------------------- /nursery/get-system-firmware-table.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-system-firmware-table.yml -------------------------------------------------------------------------------- /nursery/get-system-information-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-system-information-on-linux.yml -------------------------------------------------------------------------------- /nursery/get-system-web-proxy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-system-web-proxy.yml -------------------------------------------------------------------------------- /nursery/get-thread-local-storage-value.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-thread-local-storage-value.yml -------------------------------------------------------------------------------- /nursery/get-token-privileges.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-token-privileges.yml -------------------------------------------------------------------------------- /nursery/get-volume-information-via-ioctl.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/get-volume-information-via-ioctl.yml -------------------------------------------------------------------------------- /nursery/hash-data-using-aphash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-using-aphash.yml -------------------------------------------------------------------------------- /nursery/hash-data-using-crc32b.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-using-crc32b.yml -------------------------------------------------------------------------------- /nursery/hash-data-using-jshash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-using-jshash.yml -------------------------------------------------------------------------------- /nursery/hash-data-using-md4.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-using-md4.yml -------------------------------------------------------------------------------- /nursery/hash-data-using-murmur2.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-using-murmur2.yml -------------------------------------------------------------------------------- /nursery/hash-data-using-ripemd128.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-using-ripemd128.yml -------------------------------------------------------------------------------- /nursery/hash-data-using-ripemd256.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-using-ripemd256.yml -------------------------------------------------------------------------------- /nursery/hash-data-using-ripemd320.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-using-ripemd320.yml -------------------------------------------------------------------------------- /nursery/hash-data-using-rshash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-using-rshash.yml -------------------------------------------------------------------------------- /nursery/hash-data-using-sha1-via-wincrypt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-using-sha1-via-wincrypt.yml -------------------------------------------------------------------------------- /nursery/hash-data-using-sha1-via-x86-extensions.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-using-sha1-via-x86-extensions.yml -------------------------------------------------------------------------------- /nursery/hash-data-using-sha256-via-x86-extensions.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-using-sha256-via-x86-extensions.yml -------------------------------------------------------------------------------- /nursery/hash-data-using-sha512managed-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-using-sha512managed-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/hash-data-using-whirlpool.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-using-whirlpool.yml -------------------------------------------------------------------------------- /nursery/hash-data-via-bcrypt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hash-data-via-bcrypt.yml -------------------------------------------------------------------------------- /nursery/hook-routines-via-dlsym-rtld_next.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hook-routines-via-dlsym-rtld_next.yml -------------------------------------------------------------------------------- /nursery/hook-routines-via-microsoft-detours.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hook-routines-via-microsoft-detours.yml -------------------------------------------------------------------------------- /nursery/hooked-by-api-override.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/hooked-by-api-override.yml -------------------------------------------------------------------------------- /nursery/impersonate-user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/impersonate-user.yml -------------------------------------------------------------------------------- /nursery/implement-com-dll.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/implement-com-dll.yml -------------------------------------------------------------------------------- /nursery/initialize-hashing-via-wincrypt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/initialize-hashing-via-wincrypt.yml -------------------------------------------------------------------------------- /nursery/inspect-load-icon-resource.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/inspect-load-icon-resource.yml -------------------------------------------------------------------------------- /nursery/interact-with-iptables.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/interact-with-iptables.yml -------------------------------------------------------------------------------- /nursery/invoke-dotnet-assembly-method.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/invoke-dotnet-assembly-method.yml -------------------------------------------------------------------------------- /nursery/link-function-at-runtime-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/link-function-at-runtime-on-linux.yml -------------------------------------------------------------------------------- /nursery/linked-against-cpp-http-library.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/linked-against-cpp-http-library.yml -------------------------------------------------------------------------------- /nursery/linked-against-cpp-json-library.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/linked-against-cpp-json-library.yml -------------------------------------------------------------------------------- /nursery/linked-against-cpp-regex-library.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/linked-against-cpp-regex-library.yml -------------------------------------------------------------------------------- /nursery/linked-against-go-process-enumeration-library.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/linked-against-go-process-enumeration-library.yml -------------------------------------------------------------------------------- /nursery/linked-against-go-registry-library.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/linked-against-go-registry-library.yml -------------------------------------------------------------------------------- /nursery/linked-against-go-static-asset-library.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/linked-against-go-static-asset-library.yml -------------------------------------------------------------------------------- /nursery/linked-against-go-wmi-library.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/linked-against-go-wmi-library.yml -------------------------------------------------------------------------------- /nursery/linked-against-hp-socket.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/linked-against-hp-socket.yml -------------------------------------------------------------------------------- /nursery/linked-against-libsodium.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/linked-against-libsodium.yml -------------------------------------------------------------------------------- /nursery/linked-against-xzip.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/linked-against-xzip.yml -------------------------------------------------------------------------------- /nursery/list-containers.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/list-containers.yml -------------------------------------------------------------------------------- /nursery/list-domain-servers.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/list-domain-servers.yml -------------------------------------------------------------------------------- /nursery/list-drag-and-drop-files.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/list-drag-and-drop-files.yml -------------------------------------------------------------------------------- /nursery/list-groups-for-user-account.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/list-groups-for-user-account.yml -------------------------------------------------------------------------------- /nursery/list-tcp-connections-and-listeners.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/list-tcp-connections-and-listeners.yml -------------------------------------------------------------------------------- /nursery/list-udp-connections-and-listeners.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/list-udp-connections-and-listeners.yml -------------------------------------------------------------------------------- /nursery/list-user-account-groups.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/list-user-account-groups.yml -------------------------------------------------------------------------------- /nursery/list-user-accounts-for-group.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/list-user-accounts-for-group.yml -------------------------------------------------------------------------------- /nursery/list-user-accounts.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/list-user-accounts.yml -------------------------------------------------------------------------------- /nursery/listen-for-remote-procedure-calls.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/listen-for-remote-procedure-calls.yml -------------------------------------------------------------------------------- /nursery/load-dotnet-assembly.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/load-dotnet-assembly.yml -------------------------------------------------------------------------------- /nursery/load-xml-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/load-xml-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/log-keystrokes-via-input-method-manager.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/log-keystrokes-via-input-method-manager.yml -------------------------------------------------------------------------------- /nursery/log-keystrokes-via-raw-input-data.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/log-keystrokes-via-raw-input-data.yml -------------------------------------------------------------------------------- /nursery/make-an-http-request-with-a-cookie.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/make-an-http-request-with-a-cookie.yml -------------------------------------------------------------------------------- /nursery/manipulate-console-window.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/manipulate-console-window.yml -------------------------------------------------------------------------------- /nursery/manipulate-network-credentials-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/manipulate-network-credentials-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/manipulate-unmanaged-memory-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/manipulate-unmanaged-memory-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/manipulate-user-privileges.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/manipulate-user-privileges.yml -------------------------------------------------------------------------------- /nursery/mark-thread-detached-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/mark-thread-detached-on-linux.yml -------------------------------------------------------------------------------- /nursery/migrate-process-to-active-window-station.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/migrate-process-to-active-window-station.yml -------------------------------------------------------------------------------- /nursery/mixed-mode.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/mixed-mode.yml -------------------------------------------------------------------------------- /nursery/monitor-clipboard-content.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/monitor-clipboard-content.yml -------------------------------------------------------------------------------- /nursery/monitor-local-ipv4-address-changes.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/monitor-local-ipv4-address-changes.yml -------------------------------------------------------------------------------- /nursery/move-directory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/move-directory.yml -------------------------------------------------------------------------------- /nursery/obfuscated-with-koivm.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/obfuscated-with-koivm.yml -------------------------------------------------------------------------------- /nursery/packaged-as-a-createinstall-installer.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packaged-as-a-createinstall-installer.yml -------------------------------------------------------------------------------- /nursery/packaged-as-a-nsis-installer.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packaged-as-a-nsis-installer.yml -------------------------------------------------------------------------------- /nursery/packaged-as-a-pintool.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packaged-as-a-pintool.yml -------------------------------------------------------------------------------- /nursery/packaged-as-a-winzip-self-extracting-archive.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packaged-as-a-winzip-self-extracting-archive.yml -------------------------------------------------------------------------------- /nursery/packaged-as-a-wise-installer.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packaged-as-a-wise-installer.yml -------------------------------------------------------------------------------- /nursery/packaged-as-an-installshield-installer.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packaged-as-an-installshield-installer.yml -------------------------------------------------------------------------------- /nursery/packed-with-ccg.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-ccg.yml -------------------------------------------------------------------------------- /nursery/packed-with-crunch.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-crunch.yml -------------------------------------------------------------------------------- /nursery/packed-with-dragon-armor.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-dragon-armor.yml -------------------------------------------------------------------------------- /nursery/packed-with-enigma.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-enigma.yml -------------------------------------------------------------------------------- /nursery/packed-with-epack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-epack.yml -------------------------------------------------------------------------------- /nursery/packed-with-maskpe.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-maskpe.yml -------------------------------------------------------------------------------- /nursery/packed-with-mew.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-mew.yml -------------------------------------------------------------------------------- /nursery/packed-with-mpress.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-mpress.yml -------------------------------------------------------------------------------- /nursery/packed-with-neolite.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-neolite.yml -------------------------------------------------------------------------------- /nursery/packed-with-pepack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-pepack.yml -------------------------------------------------------------------------------- /nursery/packed-with-perplex.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-perplex.yml -------------------------------------------------------------------------------- /nursery/packed-with-procrypt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-procrypt.yml -------------------------------------------------------------------------------- /nursery/packed-with-rpcrypt.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-rpcrypt.yml -------------------------------------------------------------------------------- /nursery/packed-with-seausfx.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-seausfx.yml -------------------------------------------------------------------------------- /nursery/packed-with-shrinker.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-shrinker.yml -------------------------------------------------------------------------------- /nursery/packed-with-simple-pack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-simple-pack.yml -------------------------------------------------------------------------------- /nursery/packed-with-starforce.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-starforce.yml -------------------------------------------------------------------------------- /nursery/packed-with-svkp.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-svkp.yml -------------------------------------------------------------------------------- /nursery/packed-with-tsuloader.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-tsuloader.yml -------------------------------------------------------------------------------- /nursery/packed-with-vprotect.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-vprotect.yml -------------------------------------------------------------------------------- /nursery/packed-with-wwpack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/packed-with-wwpack.yml -------------------------------------------------------------------------------- /nursery/parse-url.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/parse-url.yml -------------------------------------------------------------------------------- /nursery/persist-via-gnome-autostart-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/persist-via-gnome-autostart-on-linux.yml -------------------------------------------------------------------------------- /nursery/power-down-monitor.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/power-down-monitor.yml -------------------------------------------------------------------------------- /nursery/prompt-user-for-credentials.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/prompt-user-for-credentials.yml -------------------------------------------------------------------------------- /nursery/query-or-enumerate-registry-key-via-stdregprov.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/query-or-enumerate-registry-key-via-stdregprov.yml -------------------------------------------------------------------------------- /nursery/query-or-enumerate-registry-value-via-stdregprov.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/query-or-enumerate-registry-value-via-stdregprov.yml -------------------------------------------------------------------------------- /nursery/query-remote-server-for-available-data.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/query-remote-server-for-available-data.yml -------------------------------------------------------------------------------- /nursery/read-and-send-data-from-client-to-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/read-and-send-data-from-client-to-server.yml -------------------------------------------------------------------------------- /nursery/read-process-memory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/read-process-memory.yml -------------------------------------------------------------------------------- /nursery/read-raw-disk-data.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/read-raw-disk-data.yml -------------------------------------------------------------------------------- /nursery/rebuilt-by-imprec.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/rebuilt-by-imprec.yml -------------------------------------------------------------------------------- /nursery/receive-and-write-data-from-server-to-client.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/receive-and-write-data-from-server-to-client.yml -------------------------------------------------------------------------------- /nursery/reference-114dns-dns-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-114dns-dns-server.yml -------------------------------------------------------------------------------- /nursery/reference-aes-constants.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-aes-constants.yml -------------------------------------------------------------------------------- /nursery/reference-alidns-dns-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-alidns-dns-server.yml -------------------------------------------------------------------------------- /nursery/reference-base58-string.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-base58-string.yml -------------------------------------------------------------------------------- /nursery/reference-cloudflare-dns-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-cloudflare-dns-server.yml -------------------------------------------------------------------------------- /nursery/reference-comodo-secure-dns-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-comodo-secure-dns-server.yml -------------------------------------------------------------------------------- /nursery/reference-cryptocurrency-strings.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-cryptocurrency-strings.yml -------------------------------------------------------------------------------- /nursery/reference-google-public-dns-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-google-public-dns-server.yml -------------------------------------------------------------------------------- /nursery/reference-hurricane-electric-dns-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-hurricane-electric-dns-server.yml -------------------------------------------------------------------------------- /nursery/reference-kornet-dns-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-kornet-dns-server.yml -------------------------------------------------------------------------------- /nursery/reference-l3-dns-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-l3-dns-server.yml -------------------------------------------------------------------------------- /nursery/reference-opendns-dns-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-opendns-dns-server.yml -------------------------------------------------------------------------------- /nursery/reference-processor-manufacturer-constants.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-processor-manufacturer-constants.yml -------------------------------------------------------------------------------- /nursery/reference-quad9-dns-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-quad9-dns-server.yml -------------------------------------------------------------------------------- /nursery/reference-screen-saver-executable.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-screen-saver-executable.yml -------------------------------------------------------------------------------- /nursery/reference-startup-folder.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-startup-folder.yml -------------------------------------------------------------------------------- /nursery/reference-the-vmware-io-port.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-the-vmware-io-port.yml -------------------------------------------------------------------------------- /nursery/reference-verisign-dns-server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/reference-verisign-dns-server.yml -------------------------------------------------------------------------------- /nursery/register-http-server-url.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/register-http-server-url.yml -------------------------------------------------------------------------------- /nursery/register-raw-input-devices.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/register-raw-input-devices.yml -------------------------------------------------------------------------------- /nursery/resize-volume-shadow-copy-storage.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/resize-volume-shadow-copy-storage.yml -------------------------------------------------------------------------------- /nursery/resolve-function-by-djb2-hash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/resolve-function-by-djb2-hash.yml -------------------------------------------------------------------------------- /nursery/resolve-function-by-fnv-1a-hash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/resolve-function-by-fnv-1a-hash.yml -------------------------------------------------------------------------------- /nursery/resolve-function-by-hash.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/resolve-function-by-hash.yml -------------------------------------------------------------------------------- /nursery/run-in-container.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/run-in-container.yml -------------------------------------------------------------------------------- /nursery/save-image-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/save-image-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/schedule-task-via-itaskservice.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/schedule-task-via-itaskservice.yml -------------------------------------------------------------------------------- /nursery/search-for-credit-card-data.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/search-for-credit-card-data.yml -------------------------------------------------------------------------------- /nursery/send-data-to-internet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/send-data-to-internet.yml -------------------------------------------------------------------------------- /nursery/send-email-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/send-email-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/send-http-request-with-host-header.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/send-http-request-with-host-header.yml -------------------------------------------------------------------------------- /nursery/send-keystrokes.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/send-keystrokes.yml -------------------------------------------------------------------------------- /nursery/send-request-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/send-request-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/send-sms-on-android.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/send-sms-on-android.yml -------------------------------------------------------------------------------- /nursery/serialize-json-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/serialize-json-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/set-current-directory.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/set-current-directory.yml -------------------------------------------------------------------------------- /nursery/set-global-application-hook.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/set-global-application-hook.yml -------------------------------------------------------------------------------- /nursery/set-http-cookie.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/set-http-cookie.yml -------------------------------------------------------------------------------- /nursery/set-http-user-agent-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/set-http-user-agent-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/set-registry-value-via-stdregprov.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/set-registry-value-via-stdregprov.yml -------------------------------------------------------------------------------- /nursery/set-thread-name-on-linux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/set-thread-name-on-linux.yml -------------------------------------------------------------------------------- /nursery/set-web-proxy-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/set-web-proxy-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/terminate-process-by-name-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/terminate-process-by-name-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/terminate-process-by-name.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/terminate-process-by-name.yml -------------------------------------------------------------------------------- /nursery/unmanaged-call-via-dynamic-pinvoke-in-dotnet.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/unmanaged-call-via-dynamic-pinvoke-in-dotnet.yml -------------------------------------------------------------------------------- /nursery/unmanaged-call.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/unmanaged-call.yml -------------------------------------------------------------------------------- /nursery/unmount-volume-via-ioctl.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/nursery/unmount-volume-via-ioctl.yml -------------------------------------------------------------------------------- /persistence/act-as-dhcp-server-callout-dll.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/act-as-dhcp-server-callout-dll.yml -------------------------------------------------------------------------------- /persistence/act-as-dns-server-plugin-dll.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/act-as-dns-server-plugin-dll.yml -------------------------------------------------------------------------------- /persistence/create-shortcut-via-ishelllink.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/create-shortcut-via-ishelllink.yml -------------------------------------------------------------------------------- /persistence/exchange/act-as-exchange-transport-agent.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/exchange/act-as-exchange-transport-agent.yml -------------------------------------------------------------------------------- /persistence/iis/persist-via-iis-module.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/iis/persist-via-iis-module.yml -------------------------------------------------------------------------------- /persistence/iis/persist-via-isapi-extension.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/iis/persist-via-isapi-extension.yml -------------------------------------------------------------------------------- /persistence/office/act-as-excel-xll-add-in.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/office/act-as-excel-xll-add-in.yml -------------------------------------------------------------------------------- /persistence/office/act-as-office-com-add-in.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/office/act-as-office-com-add-in.yml -------------------------------------------------------------------------------- /persistence/office/act-as-word-wll-add-in.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/office/act-as-word-wll-add-in.yml -------------------------------------------------------------------------------- /persistence/persist-via-desktop-autostart.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/persist-via-desktop-autostart.yml -------------------------------------------------------------------------------- /persistence/persist-via-shell-profile-or-rc-file.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/persist-via-shell-profile-or-rc-file.yml -------------------------------------------------------------------------------- /persistence/registry/persist-via-active-setup-registry-key.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/registry/persist-via-active-setup-registry-key.yml -------------------------------------------------------------------------------- /persistence/registry/run/persist-via-run-registry-key.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/registry/run/persist-via-run-registry-key.yml -------------------------------------------------------------------------------- /persistence/scheduled-tasks/schedule-task-via-at.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/scheduled-tasks/schedule-task-via-at.yml -------------------------------------------------------------------------------- /persistence/scheduled-tasks/schedule-task-via-itaskscheduler.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/scheduled-tasks/schedule-task-via-itaskscheduler.yml -------------------------------------------------------------------------------- /persistence/scheduled-tasks/schedule-task-via-schtasks.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/scheduled-tasks/schedule-task-via-schtasks.yml -------------------------------------------------------------------------------- /persistence/service/persist-via-rc-script.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/service/persist-via-rc-script.yml -------------------------------------------------------------------------------- /persistence/service/persist-via-windows-service.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/service/persist-via-windows-service.yml -------------------------------------------------------------------------------- /persistence/startup-folder/get-startup-folder.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/startup-folder/get-startup-folder.yml -------------------------------------------------------------------------------- /persistence/startup-folder/write-file-to-startup-folder.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/persistence/startup-folder/write-file-to-startup-folder.yml -------------------------------------------------------------------------------- /runtime/dotnet/compiled-to-the-dotnet-platform.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/runtime/dotnet/compiled-to-the-dotnet-platform.yml -------------------------------------------------------------------------------- /runtime/dotnet/execute-via-dotnet-startup-hook.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/runtime/dotnet/execute-via-dotnet-startup-hook.yml -------------------------------------------------------------------------------- /targeting/automated-teller-machine/ncr/load-ncr-atm-library.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/targeting/automated-teller-machine/ncr/load-ncr-atm-library.yml -------------------------------------------------------------------------------- /targeting/language/identify-system-language-via-api.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MBCProject/capa-rules-1/HEAD/targeting/language/identify-system-language-via-api.yml --------------------------------------------------------------------------------