mandiant/capa-rules
在 GitHub 查看detect opening of services often referenced by ransomware
Open
#1,048 建立於 2025年5月22日
good first issuehelp wantedrule idea
倉庫指標
- Star
- (721 star)
- PR 合併指標
- (PR 指標待抓取)
描述
Ransomware may attempt to open and stop specific services during execution, e.g. to stop critical backup and recovery services. The rule should include a list of target service names combined with Windows API calls, e.g. OpenService.