Skip to content

Pull requests: mandiant/capa-rules

New pull request New
13 Open 744 Closed
13 Open 744 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

add ProcDump-based LSASS memory dump detection
#1139 opened Mar 13, 2026 by akshat4703 Loading…
2
dump-lsass-memory-via-openprocess-and-minidumpwritedump
#1138 opened Mar 13, 2026 by akshat4703 Loading…
4
Add .NET Environment.TickCount timing anti-debug rule
#1137 opened Mar 12, 2026 by aryanyk Loading…
Add nursery rules for Linux kernel rootkit techniques
#1136 opened Mar 11, 2026 by aryanyk Loading…
1
12
add general BITS usage detection
#1132 opened Mar 9, 2026 by akshat4703 Loading…
18
improve Heaven's Gate detection for computed selector variants
#1127 opened Feb 26, 2026 by akshat4703 Loading…
1
2
persistence: restrict registry-based service detection to service-specific values (fix #1100)
#1126 opened Feb 25, 2026 by reyyanxahmed Loading…
1
add word boundaries to regex patterns to reduce false positives
#1125 opened Feb 24, 2026 by Shaktisinhchavda Loading…
1
14
reduce false positives in credential manager, credit-card parsing, an…
#1123 opened Feb 23, 2026 by akshat4703 Loading…
4
5
Add new rule to detect ransomware disabling backup/recovery services
#1122 opened Feb 22, 2026 by 0ameyasr Loading…
5
add word boundary to del regex to prevent false positives
#1120 opened Feb 18, 2026 by devarjya27 Loading…
1
2
warn if latest release and rules are not compatible
#933 opened Sep 24, 2024 by mr-tz Loading…
Additional rules to support capa-scripts. dont merge Indicate a PR that is still being worked on
#603 opened Aug 4, 2022 by adamstorek Loading…
19
ProTip! What’s not been updated in a month: updated:<2026-02-13.