mandiant/capa-rules
Vedi su GitHubdetect opening of services often referenced by ransomware
Open
#1048 aperta il 22 mag 2025
good first issuehelp wantedrule idea
Metriche repository
- Star
- (721 star)
- Metriche merge PR
- (Metriche PR in attesa)
Descrizione
Ransomware may attempt to open and stop specific services during execution, e.g. to stop critical backup and recovery services. The rule should include a list of target service names combined with Windows API calls, e.g. OpenService.