← Back to SOC feed Coverage →

DebuggerHiding Thread

yara LOW Yara-Rules 2026-03-19

community

This detection content is auto-generated from open-source rule repositories and enriched with AI analysis. Always validate rules in a test environment before deploying to production Sentinel workspaces.
View original rule at Yara-Rules →
Retrieved: 2026-03-19T03:46:59Z · Confidence: medium

Hunt Hypothesis

YARA rule: DebuggerHiding__Thread

YARA Rule

rule DebuggerHiding__Thread : AntiDebug DebuggerHiding {
	meta:
	    Author = "naxonez"
		reference = "https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara"
		weight = 1
	strings:
		$ ="SetInformationThread"
	condition:
		any of them
}

Deployment Notes

This YARA rule can be deployed in the following contexts:

Microsoft Defender for Endpoint — Custom indicators / advanced hunting
Email Gateway — Attachment scanning
File Share Monitoring — Periodic scanning of shared drives
YARA CLI — Manual threat hunting on endpoints

References

Original source: https://github.com/Yara-Rules/rules/blob/main/antidebug_antivm/antidebug_antivm.yar