mandiant/capa-rules
Voir sur GitHubdetect opening of services often referenced by ransomware
Open
#1 048 ouverte le 22 mai 2025
good first issuehelp wantedrule idea
Métriques du dépôt
- Stars
- (721 stars)
- Métriques de merge PR
- (Métriques PR en attente)
Description
Ransomware may attempt to open and stop specific services during execution, e.g. to stop critical backup and recovery services. The rule should include a list of target service names combined with Windows API calls, e.g. OpenService.