description | rule
--- | ---
Communication using DGA | Network_DGA
Communications using DNS | Network_DNS
Communications over raw socket | Network_TCP_Socket
Create a Windows service | Create_Service
Record audio | Sniff_Audio
Escalate privileges | Escalate_priviledges
Run a keylogger | KeyLogger
Code injection with CreateRemoteThread in a remote process | Code_injection
Communications over HTTP | Network_HTTP
Match Windows Inet API call | Str_Win32_Internet_API
Communications over FTP | Network_FTP
Take screenshot | ScreenShot
Match Windows HTTP API call | Str_Win32_Http_API
Steal credentials | local_credential_Steal
File downloader | Network_Downloader
Communications over P2P network | Network_P2P_Win
(no description) | DebuggerCheck__GlobalFlags
(no description) | DebuggerCheck__QueryInfo
(no description) | DebuggerCheck__RemoteAPI
(no description) | DebuggerHiding__Thread
(no description) | DebuggerHiding__Active
(no description) | DebuggerException__ConsoleCtrl
(no description) | DebuggerException__SetConsoleCtrl
(no description) | ThreadControl__Context
(no description) | SEH__vectored
(no description) | Check_Dlls
Detection of virtual appliances through the use of WMI, for evasion | WMI_VM_Detect
Checks if being debugged | anti_dbg
Anti-sandbox checks for ThreatExpert | antisb_threatExpert
Bypass DEP | disable_dep
Affect hook table | win_hook