diff --git a/capabilities/capabilities.yar b/capabilities/capabilities.yar
index 1f47a1fb..88a99a9f 100644
--- a/capabilities/capabilities.yar
+++ b/capabilities/capabilities.yar
@@ -929,3 +929,18 @@ rule mysql_database_presence
     condition:
         (any of ($db*))
 }
+
+rule dotnet_binary_file
+{
+    meta:
+        author = "CYB3RMX"
+        description = "Detects possible .NET binary files."
+    strings:
+        $dot1 = "mscoree.dll" wide ascii
+        $dot2 = "_CorExeMain" wide ascii
+        $dot3 = "_CorDllMain" wide ascii
+        $dot4 = "mscorlib" wide ascii
+        $dot5 = ".NETFramework" wide ascii
+    condition:
+        ((2 of ($dot*)) or (all of ($dot*)))
+}