Merge pull request #343 from knowmalware/capabilities

Create Capabilities ruleset

Merge pull request #343 from knowmalware/capabilities
Create Capabilities ruleset
9623360c · jovimon · GitHub · a6845dee · 33df5d40 · 9623360c
Unverified Commit 9623360c authored Mar 17, 2019 by jovimon Committed by GitHub Mar 17, 2019
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

antidebug_antivm.yar Antidebug_AntiVM/antidebug_antivm.yar +0 -0

capabilities.yar Capabilities/capabilities.yar +0 -0

README.md README.md +4 -0

No files found.
--- a/Antidebug_AntiVM/antidebug_antivm.yar
+++ b/Antidebug_AntiVM/antidebug_antivm.yar
--- a/Capabilities/capabilities.yar
+++ b/Capabilities/capabilities.yar
--- a/README.md
+++ b/README.md
@@ -32,6 +32,10 @@ Also, you will need [Androguard Module](https://github.com/Koodous/androguard-ya

 In this section you will find Yara Rules aimed toward the detection of anti-debug and anti-virtualization techniques used by malware to evade automated analysis.

+## Capabilities
+
+In this section you will find Yara rules to detect capabilities that do not fit into any of the other categories.  They are useful to know for analysis but may not be malicious indicators on their own.
+
 ## CVE_Rules

 In this section you will find Yara Rules specialised toward the identification of specific Common Vulnerabilities and Exposures (CVEs)