diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7d22aad8..f3fd71f6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,13 +3,79 @@
 ## master (unreleased)
 The first Python 3 ONLY capa version.
+It includes many new rules, including all new techniques introduced in MITRE ATT&CK v9.
 ### New Features
 - main: auto detect shellcode based on file extension #516 @mr-tz
 - main: use FLIRT signatures to identify and ignore library code #446 @williballenthin
+- explorer: IDA 7.6 support #497 @williballenthin
-### New Rules
+### New Rules (63)
+
+- anti-analysis/packer/amber/packed-with-amber @gormaniac
+- collection/file-managers/gather-3d-ftp-information @re-fox
+- collection/file-managers/gather-alftp-information @re-fox
+- collection/file-managers/gather-bitkinex-information @re-fox
+- collection/file-managers/gather-blazeftp-information @re-fox
+- collection/file-managers/gather-bulletproof-ftp-information @re-fox
+- collection/file-managers/gather-classicftp-information @re-fox
+- collection/file-managers/gather-coreftp-information @re-fox
+- collection/file-managers/gather-cuteftp-information @re-fox
+- collection/file-managers/gather-cyberduck-information @re-fox
+- collection/file-managers/gather-direct-ftp-information @re-fox
+- collection/file-managers/gather-directory-opus-information @re-fox
+- collection/file-managers/gather-expandrive-information @re-fox
+- collection/file-managers/gather-faststone-browser-information @re-fox
+- collection/file-managers/gather-fasttrack-ftp-information @re-fox
+- collection/file-managers/gather-ffftp-information @re-fox
+- collection/file-managers/gather-filezilla-information @re-fox
+- collection/file-managers/gather-flashfxp-information @re-fox
+- collection/file-managers/gather-fling-ftp-information @re-fox
+- collection/file-managers/gather-freshftp-information @re-fox
+- collection/file-managers/gather-frigate3-information @re-fox
+- collection/file-managers/gather-ftp-commander-information @re-fox
+- collection/file-managers/gather-ftp-explorer-information @re-fox
+- collection/file-managers/gather-ftp-voyager-information @re-fox
+- collection/file-managers/gather-ftpgetter-information @re-fox
+- collection/file-managers/gather-ftpinfo-information @re-fox
+- collection/file-managers/gather-ftpnow-information @re-fox
+- collection/file-managers/gather-ftprush-information @re-fox
+- collection/file-managers/gather-ftpshell-information @re-fox
+- collection/file-managers/gather-global-downloader-information @re-fox
+- collection/file-managers/gather-goftp-information @re-fox
+- collection/file-managers/gather-leapftp-information @re-fox
+- collection/file-managers/gather-netdrive-information @re-fox
+- collection/file-managers/gather-nexusfile-information @re-fox
+- collection/file-managers/gather-nova-ftp-information @re-fox
+- collection/file-managers/gather-robo-ftp-information @re-fox
+- collection/file-managers/gather-securefx-information @re-fox
+- collection/file-managers/gather-smart-ftp-information @re-fox
+- collection/file-managers/gather-softx-ftp-information @re-fox
+- collection/file-managers/gather-southriver-webdrive-information @re-fox
+- collection/file-managers/gather-staff-ftp-information @re-fox
+- collection/file-managers/gather-total-commander-information @re-fox
+- collection/file-managers/gather-turbo-ftp-information @re-fox
+- collection/file-managers/gather-ultrafxp-information @re-fox
+- collection/file-managers/gather-winscp-information @re-fox
+- collection/file-managers/gather-winzip-information @re-fox
+- collection/file-managers/gather-wise-ftp-information @re-fox
+- collection/file-managers/gather-ws-ftp-information @re-fox
+- collection/file-managers/gather-xftp-information @re-fox
+- data-manipulation/compression/decompress-data-using-aplib @r3c0nst @mr-tz
+- host-interaction/bootloader/disable-code-signing @williballenthin
+- host-interaction/bootloader/manipulate-boot-configuration @williballenthin
+- host-interaction/driver/disable-driver-code-integrity @williballenthin
+- host-interaction/file-system/bypass-mark-of-the-web @williballenthin
+- host-interaction/network/domain/get-domain-information @recvfrom
+- host-interaction/session/get-logon-sessions @recvfrom
+- linking/runtime-linking/resolve-function-by-fin8-fasthash @r3c0nst @mr-tz
+- nursery/build-docker-image @williballenthin
+- nursery/create-container @williballenthin
+- nursery/encrypt-data-using-fakem-cipher @mike-hunhoff
+- nursery/list-containers @williballenthin
+- nursery/run-in-container @williballenthin
+- persistence/registry/appinitdlls/disable-appinit_dlls-code-signature-enforcement @williballenthin
 ### Bug Fixes
@@ -20,6 +86,8 @@ The first Python 3 ONLY capa version.
 - py3: drop Python 2 support #480 @Ana06
 - deps: bump ruamel yaml parser to 0.17.4 #519 @williballenthin
 - explorer: explain how to install IDA 7.6 patch to enable the plugin #528 @williballenthin
+- explorer: document IDA 7.6sp1 as alternative to the patch #536 @Ana06
+- rules: update ATT&CK and MBC mappings https://github.com/fireeye/capa-rules/pull/317 @williballenthin
 ### Development