APIs
Datasets
Datasets of the HijackLibs project are available in the following formats:
| Format | Type | Structure | URL |
|---|---|---|---|
| JSON | All entries | Same as original YAML files | /api/hijacklibs.json |
| CSV | All entries | One line for each (DLL, EXE) combination | /api/hijacklibs.csv |
| YAML | Individual entries | The 'source' YAML files | https://raw.githubusercontent.com/wietze/HijackLibs/main/yml |
Detection content
Furthermore, there are also datasets for detection content:
| Format | Type | Content | URL |
|---|---|---|---|
| Individual Detections | |||
| σSigma (YAML) | One rule for each DLL | Auto-generated detection content for image loads | /api/sigma_feed_image.yml |
| σSigma (YAML) | One rule for each DLL | Auto-generated detection content for file writes | /api/sigma_feed_file.yml |
| σSigma (YAML) | One rule for each DLL | Auto-generated detection content for (unsigned) image loads | /api/sigma_feed_signature.yml |
| Single Detections | |||
| σSigma (YAML) | A single rule for all | Auto-generated detection content for file writes | /api/sigma_feed_file_single.yml |
| JSON | A single file for all | Auto-generated mapping between DLLs and their expected locations | /api/hijacklibs_single.json |