capa-rules parse-credit-card-information -> mimikatz.exe

parse-credit-card-information -> mimikatz.exe_:0x444E02

Open mike-hunhoff opened this issue 9 months ago • 0 comments

parse-credit-card-information match reported for mimikatz.exe_:0x444E02

I've noticed FPs for this rule for other internal binaries as well. The character checks detected by this rule (=, ?, etc.) are also found in common processing for things like URIs, etc..

May 03 '24 17:05 mike-hunhoff

capa-rules capa-rules copied to clipboard

parse-credit-card-information -> mimikatz.exe_:0x444E02

capa-rules
capa-rules copied to clipboard