mandiant / capa-rules

Standard collection of rules for capa: the tool for enumerating the capabilities of programs
https://github.com/mandiant/capa/
Apache License 2.0

parse-credit-card-information -> mimikatz.exe_:0x444E02 #897

Open mike-hunhoff opened 3 months ago

mike-hunhoff commented 3 months ago

parse-credit-card-information match reported for mimikatz.exe_:0x444E02

I've noticed FPs for this rule for other internal binaries as well. The character checks detected by this rule (=, ?, etc.) are also found in common processing for things like URIs, etc.