mandiant / capa-rules Public

Notifications You must be signed in to change notification settings
Fork 235
Star 708

Code
Issues 119
Pull requests 18
Discussions
Actions
Wiki
Security and quality
Insights

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Wiki
Security and quality
Insights

Pull requests: mandiant/capa-rules

Labels 18 Milestones 1

New pull request New

18 Open 750 Closed

Author

Filter by author

Uh oh!

There was an error while loading. Please reload this page.

Label

Filter by label

Uh oh!

There was an error while loading. Please reload this page.

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Uh oh!

There was an error while loading. Please reload this page.

Milestones

Filter by milestone

Uh oh!

There was an error while loading. Please reload this page.

Reviews

Filter by reviews

No reviews Review required Approved review Changes requested

Assignee

Filter by who’s assigned

Assigned to nobody

Uh oh!

There was an error while loading. Please reload this page.

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Pull requests list

Add rule for LZMA decompression

#1152 opened Apr 13, 2026 by edeca Contributor

Loading…

rule: reference ConfuserEx anti-profiling (fixes #602)

#1150 opened Mar 28, 2026 by Nitezio

Loading…

update screenshot rule: add display regex and GDI+ routines

#1148 opened Mar 23, 2026 by cipherBT

Loading…

add rule for detecting opening of service by ransomwares

#1146 opened Mar 21, 2026 by cipherBT

Loading…

Add rule for zlib fast inflate

#1142 opened Mar 15, 2026 by priyank766

Loading…

rules: add nursery rule for systemd CLI interaction on Linux

#1141 opened Mar 14, 2026 by akshat4703 Contributor

Loading…

rules: add nursery rule for shellcode execution via ReadDirectoryChanges

#1140 opened Mar 14, 2026 by akshat4703 Contributor

Loading…

add ProcDump-based LSASS memory dump detection

#1139 opened Mar 13, 2026 by akshat4703 Contributor

Loading…

Add .NET Environment.TickCount timing anti-debug rule

#1137 opened Mar 12, 2026 by aryanyk Contributor

Loading…

add general BITS usage detection

#1132 opened Mar 9, 2026 by akshat4703 Contributor

Loading…

improve Heaven's Gate detection for computed selector variants

#1127 opened Feb 26, 2026 by akshat4703 Contributor

Loading…

persistence: restrict registry-based service detection to service-specific values (fix #1100)

#1126 opened Feb 25, 2026 by reyyanxahmed

Loading…

add word boundaries to regex patterns to reduce false positives

#1125 opened Feb 24, 2026 by Shaktisinhchavda

Loading…

reduce false positives in credential manager, credit-card parsing, an…

#1123 opened Feb 23, 2026 by akshat4703 Contributor

Loading…

Add new rule to detect ransomware disabling backup/recovery services

#1122 opened Feb 22, 2026 by 0ameyasr

Loading…

add word boundary to del regex to prevent false positives

#1120 opened Feb 18, 2026 by devarjya27 Contributor

Loading…

warn if latest release and rules are not compatible

#933 opened Sep 24, 2024 by mr-tz Collaborator

Loading…

Additional rules to support capa-scripts. dont merge

Indicate a PR that is still being worked on

#603 opened Aug 4, 2022 by adamstorek

Loading…

ProTip! Type g i on any issue or pull request to go back to the issue listing page.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!