Create Capabilities ruleset

The Capabilities ruleset contains rules that do not fit into one of the other categories but are useful information for analysis. The initial rules are those from the AntiDebug AntiVM ruleset that are not related to anti-analysis techniques. Fixes #316

Create Capabilities ruleset
The Capabilities ruleset contains rules that do not fit into one of the other categories but are useful information for analysis. The initial rules are those from the AntiDebug AntiVM ruleset that are not related to anti-analysis techniques. Fixes #316
33df5d40 · Frank Poz · 8130cda6 · 33df5d40 · 33df5d40 · 33df5d40
Commit 33df5d40 authored Mar 14, 2019 by Frank Poz
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

antidebug_antivm.yar Antidebug_AntiVM/antidebug_antivm.yar +0 -0

capabilities.yar Capabilities/capabilities.yar +0 -0

README.md README.md +4 -0

No files found.
--- a/Antidebug_AntiVM/antidebug_antivm.yar
+++ b/Antidebug_AntiVM/antidebug_antivm.yar
--- a/Capabilities/capabilities.yar
+++ b/Capabilities/capabilities.yar
--- a/README.md
+++ b/README.md
@@ -32,6 +32,10 @@ Also, you will need [Androguard Module](https://github.com/Koodous/androguard-ya

 In this section you will find Yara Rules aimed toward the detection of anti-debug and anti-virtualization techniques used by malware to evade automated analysis.

+## Capabilities
+
+In this section you will find Yara rules to detect capabilities that do not fit into any of the other categories.  They are useful to know for analysis but may not be malicious indicators on their own.
+
 ## CVE_Rules

 In this section you will find Yara Rules specialised toward the identification of specific Common Vulnerabilities and Exposures (CVEs)