mandiant/capa-rules
Auf GitHub ansehendetect opening of services often referenced by ransomware
Open
#1.048 geöffnet am 22. Mai 2025
good first issuehelp wantedrule idea
Repository-Metriken
- Stars
- (721 Stars)
- PR-Merge-Metriken
- (PR-Metriken ausstehend)
Beschreibung
Ransomware may attempt to open and stop specific services during execution, e.g. to stop critical backup and recovery services. The rule should include a list of target service names combined with Windows API calls, e.g. OpenService.