A temporal dependency occurs when developers change two or more files at the same time (i.e. they are a part of the same commit).
| Pairs | # same commits | # commits 1 | # commits 2 | latest commit |
|---|---|---|---|---|
| behavior/rules/windows/defense_evasion_suspicious_windows_core_module_change.toml behavior/rules/windows/defense_evasion_amsi_or_wldp_bypass_via_memory_patching.toml |
2 | 2 (100%) | 9 (22%) | 2025-05-08 |
| behavior/rules/windows/defense_evasion_amsi_or_wldp_bypass_via_memory_patching.toml behavior/rules/windows/command_and_control_potential_remote_desktop_protocol_tunneling.toml |
2 | 9 (22%) | 4 (50%) | 2025-05-08 |
| behavior/rules/windows/defense_evasion_suspicious_remote_registry_modification.toml behavior/rules/windows/defense_evasion_amsi_or_wldp_bypass_via_memory_patching.toml |
2 | 5 (40%) | 9 (22%) | 2025-05-08 |
| behavior/rules/windows/lateral_movement_suspicious_process_execution_via_network_logon.toml behavior/rules/windows/command_and_control_potential_remote_desktop_protocol_tunneling.toml |
2 | 8 (25%) | 4 (50%) | 2025-05-02 |
| behavior/rules/windows/defense_evasion_suspicious_windows_core_module_change.toml behavior/rules/windows/command_and_control_potential_remote_desktop_protocol_tunneling.toml |
2 | 2 (100%) | 4 (50%) | 2025-05-08 |
| behavior/rules/windows/command_and_control_potential_remote_desktop_protocol_tunneling.toml behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml |
2 | 4 (50%) | 7 (28%) | 2025-05-08 |
| behavior/rules/windows/defense_evasion_suspicious_windows_core_module_change.toml behavior/rules/windows/defense_evasion_suspicious_remote_registry_modification.toml |
2 | 2 (100%) | 5 (40%) | 2025-05-08 |
| behavior/rules/windows/defense_evasion_suspicious_windows_core_module_change.toml behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml |
2 | 2 (100%) | 7 (28%) | 2025-05-08 |
| behavior/rules/windows/defense_evasion_amsi_or_wldp_bypass_via_memory_patching.toml behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml |
2 | 9 (22%) | 7 (28%) | 2025-05-08 |
| behavior/rules/windows/defense_evasion_suspicious_remote_registry_modification.toml behavior/rules/windows/command_and_control_potential_remote_desktop_protocol_tunneling.toml |
2 | 5 (40%) | 4 (50%) | 2025-05-08 |
| behavior/rules/windows/defense_evasion_suspicious_remote_registry_modification.toml behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml |
2 | 5 (40%) | 7 (28%) | 2025-05-08 |
| behavior/rules/windows/defense_evasion_process_memory_write_to_a_non_child_process.toml behavior/rules/linux/defense_evasion_linux_payload_decoded_and_decrypted_via_built_in_utility.toml |
1 | 3 (33%) | 3 (33%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_suspicious_memory_page_protection.toml behavior/rules/macos/execution_execution_via_electron_child_process_node.js_module.toml |
1 | 4 (25%) | 4 (25%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_potential_evasion_with_hardware_breakpoints.toml behavior/rules/windows/credential_access_failed_attempts_to_access_sensitive_files.toml |
1 | 7 (14%) | 2 (50%) | 2025-04-29 |
| behavior/rules/linux/persistence_suspicious_echo_execution.toml behavior/rules/linux/persistence_hidden_payload_executed_via_scheduled_job.toml |
1 | 10 (10%) | 12 (8%) | 2025-04-29 |
| behavior/rules/linux/persistence_suspicious_file_creation_via_web_server.toml behavior/rules/linux/execution_suspicious_execution_from_foomatic_rip_or_cupsd_parent.toml |
1 | 2 (50%) | 5 (20%) | 2025-04-29 |
| behavior/rules/windows/execution_suspicious_windows_script_base64_encoding.toml behavior/rules/windows/credential_access_lsass_access_attempt_from_an_unsigned_executable.toml |
1 | 2 (50%) | 3 (33%) | 2025-04-29 |
| behavior/rules/linux/persistence_suspicious_file_creation_via_web_server.toml behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml |
1 | 2 (50%) | 5 (20%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_shellcode_execution_via_python_script.toml behavior/rules/windows/defense_evasion_com_to_.net_redirection_via_registry.toml |
1 | 4 (25%) | 1 (100%) | 2025-04-29 |
| behavior/rules/windows/credential_access_remote_access_to_sensitive_registry_keys.toml behavior/rules/windows/command_and_control_connection_to_webservice_by_a_signed_binary_proxy.toml |
1 | 1 (100%) | 12 (8%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_potential_shellcode_injection_via_a_webshell.toml behavior/rules/windows/defense_evasion_amsi_or_wldp_bypass_via_memory_patching.toml |
1 | 3 (33%) | 9 (11%) | 2025-04-29 |
| behavior/rules/linux/persistence_hidden_payload_executed_via_scheduled_job.toml behavior/rules/linux/command_and_control_file_downloaded_via_curl_or_wget_to_hidden_directory.toml |
1 | 12 (8%) | 5 (20%) | 2025-04-29 |
| behavior/rules/windows/credential_access_lsass_access_attempt_from_an_unsigned_executable.toml behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml |
1 | 3 (33%) | 7 (14%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_suspicious_memory_protection_fluctuation.toml behavior/rules/linux/persistence_scheduled_job_executing_binary_in_unusual_location.toml |
1 | 8 (12%) | 4 (25%) | 2025-04-29 |
| behavior/rules/windows/impact_suspicious_file_rename_via_smb.toml behavior/rules/macos/defense_evasion_suspicious_openssl_execution_via_macos_application.toml |
1 | 2 (50%) | 6 (16%) | 2025-04-29 |
| behavior/rules/windows/execution_suspicious_api_call_from_a_powershell_script.toml behavior/rules/linux/persistence_systemd_execution_followed_by_network_connection.toml |
1 | 4 (25%) | 10 (10%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_potential_injection_via_module_stomping.toml behavior/rules/windows/defense_evasion_attempt_to_hide_files_via_registry_modification.toml |
1 | 2 (50%) | 2 (50%) | 2025-04-29 |
| behavior/rules/windows/execution_suspicious_windows_script_base64_encoding.toml behavior/rules/windows/defense_evasion_virtualalloc_api_call_from_an_unsigned_dll.toml |
1 | 2 (50%) | 6 (16%) | 2025-04-29 |
| behavior/rules/windows/persistence_office_application_startup_via_template_file_modification.toml behavior/rules/linux/persistence_motd_execution_followed_by_egress_network_connection.toml |
1 | 3 (33%) | 6 (16%) | 2025-04-29 |
| behavior/rules/windows/execution_execution_via_obfuscated_windows_script.toml behavior/rules/windows/defense_evasion_process_memory_write_to_a_non_child_process.toml |
1 | 2 (50%) | 3 (33%) | 2025-04-29 |
| behavior/rules/windows/persistence_dual_persistence_via_startup_and_scheduled_task.toml behavior/rules/windows/defense_evasion_windows_api_via_a_callback_function.toml |
1 | 2 (50%) | 3 (33%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_unbacked_shellcode_from_unsigned_module.toml behavior/rules/windows/credential_access_lsass_access_attempt_via_ppl_bypass.toml |
1 | 6 (16%) | 7 (14%) | 2025-04-29 |
| behavior/rules/windows/persistence_registry_or_file_modification_from_suspicious_memory.toml behavior/rules/windows/execution_potential_pentesting_powershell_script.toml |
1 | 3 (33%) | 3 (33%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_suspicious_powershell_console_history_deletion.toml behavior/rules/windows/defense_evasion_com_to_.net_redirection_via_registry.toml |
1 | 2 (50%) | 1 (100%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_process_creation_from_backed_rwx_memory.toml behavior/rules/linux/defense_evasion_shared_object_load_via_lolbin.toml |
1 | 3 (33%) | 4 (25%) | 2025-04-29 |
| behavior/rules/windows/execution_suspicious_command_shell_execution_via_windows_run.toml behavior/rules/windows/defense_evasion_suspicious_remote_memory_allocation.toml |
1 | 2 (50%) | 8 (12%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_suspicious_memory_protection_fluctuation.toml behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml |
1 | 8 (12%) | 5 (20%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_potential_remote_code_injection.toml behavior/rules/macos/collection_suspicious_image_creation_via_screencapture.toml |
1 | 4 (25%) | 1 (100%) | 2025-04-29 |
| behavior/rules/windows/execution_potential_pentesting_powershell_script.toml behavior/rules/windows/defense_evasion_parallel_ntdll_loaded_from_unbacked_memory.toml |
1 | 3 (33%) | 3 (33%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_image_hollow_from_unusual_stack.toml behavior/rules/windows/credential_access_lsass_access_attempt_from_an_unsigned_executable.toml |
1 | 6 (16%) | 3 (33%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_process_creation_with_unusual_mitigation.toml behavior/rules/windows/credential_access_security_account_manager_(sam)_registry_access.toml |
1 | 6 (16%) | 5 (20%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_potential_ntdll_memory_unhooking.toml behavior/rules/linux/defense_evasion_shared_object_injection_via_process_environment_variable.toml |
1 | 4 (25%) | 6 (16%) | 2025-04-29 |
| behavior/rules/windows/command_and_control_ingress_tool_transfer_via_powershell.toml behavior/rules/linux/persistence_apt_package_manager_command_execution.toml |
1 | 4 (25%) | 6 (16%) | 2025-04-29 |
| behavior/rules/windows/credential_access_failed_attempts_to_access_sensitive_files.toml behavior/rules/windows/command_and_control_execution_from_suspicious_stack_trailing_bytes.toml |
1 | 2 (50%) | 5 (20%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_remote_memory_write_to_trusted_target_process.toml behavior/rules/linux/impact_potential_coin_miner_execution_via_shell.toml |
1 | 3 (33%) | 4 (25%) | 2025-04-29 |
| behavior/rules/windows/lateral_movement_execution_of_a_file_dropped_from_smb_via_services.toml behavior/rules/linux/persistence_egress_network_connection_from_default_dpkg_directory.toml |
1 | 2 (50%) | 7 (14%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_attempt_to_hide_files_via_registry_modification.toml behavior/rules/linux/persistence_file_downloaded_to_suspicious_location_by_web_server.toml |
1 | 2 (50%) | 2 (50%) | 2025-04-29 |
| behavior/rules/windows/command_and_control_execution_from_suspicious_stack_trailing_bytes.toml behavior/rules/macos/execution_temporary_binary_execution_via_osascript.toml |
1 | 5 (20%) | 1 (100%) | 2025-04-29 |
| behavior/rules/windows/privilege_escalation_interactive_logon_by_a_suspicious_process.toml behavior/rules/windows/credential_access_access_to_browser_credentials_from_suspicious_memory.toml |
1 | 5 (20%) | 8 (12%) | 2025-04-29 |
| behavior/rules/windows/defense_evasion_protected_process_light_bypass_via_dll_tampering.toml behavior/rules/windows/defense_evasion_potential_ntdll_memory_unhooking.toml |
1 | 9 (11%) | 4 (25%) | 2025-04-29 |
