
add rule for detecting opening of service by ransomwares#1146

Open
cipherBT wants to merge 1 commit into mandiant:master from cipherBT:issue-1048-ransomware-sevices-detection

Conversation

@cipherBT

Resolves issue #1048. Hi, my name is Fatiu, and I'm taking a look at some good first issues for GSoC 2026. This PR adds a rule to detect when a binary attempts to open/control services consistently targeted by ransomware, compiled from the Netskope IOC list mentioned in the issue.
Currently, the examples section is blank, as I don't have a direct sample hash hitting it. I'd appreciate any feedback. Thank you.

@google-cla

google-cla bot commented Mar 21, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@cipherBT
Author

Hi @mike-hunhoff
I just wanted to leave a quick note to introduce myself. I'm an undergraduate student preparing a proposal for the Automated Rule Generation GSoC 2026 project, and I'm very excited to start contributing to the repository early!
This is my very first PR addressing Issue #1048. Whenever you have a free moment, could you please approve the workflow run for this PR?
Since I'm still learning the capa formatting rules, I'd love to see if the CI catches any strict syntax mistakes I made so I can quickly fix them for you.

Thanks for your time!

@mike-hunhoff
Collaborator

@cipherBT please post a screenshot of the unit tests passing locally before we give this a review.
