encode data using JSON

Open Ana06 opened this issue 3 years ago • 0 comments

Rule name

encode data using JSON

Summary

Encode data using JavaScript Object Notation (JSON).

Possible test samples

Publicly available samples that may contain the capability this rule should detect (MD5 hashes):

  • 285e57297f578e565dc814301149edbf
  • d32fc81161b5bec6e6fb2326c47b3d3e

Namespace

Proposed namespace: data-manipulation/encoding. More details in https://github.com/fireeye/capa-rules/blob/master/doc/format.md#rule-namespace

att&ck

aka.mitre.att&ck.t1027

Ana06, Apr 19 '21 12:04