mandiant/capa-rules
GitHub で見るdetect opening of services often referenced by ransomware
Open
#1,048 opened on 2025年5月22日
good first issuehelp wantedrule idea
Repository metrics
- Stars
- (721 stars)
- PR merge metrics
- (PR metrics pending)
説明
Ransomware may attempt to open and stop specific services during execution, e.g. to stop critical backup and recovery services. The rule should include a list of target service names combined with Windows API calls, e.g. OpenService.