Commit
* release: v4 prep
* add SMDA deprecation warning
* doc: update v4 changes
* Update CHANGELOG.md
* Update CHANGELOG.md

Co-authored-by: Willi Ballenthin <[email protected]>

* doc: add DeprecationWarning
* fix: add __index__ method
* ci: test build run on more OSs
* explorer: update supported versions to include IDA 8.0

Co-authored-by: Mike Hunhoff <[email protected]>
Co-authored-by: Willi Ballenthin <[email protected]>
1 parent e564466, commit 81cb4b3

Showing 6 changed files with 58 additions and 9 deletions.
|
@@ -2,6 +2,37 @@ | |
|
||
## master (unreleased) | ||
|
||
### New Features | ||
|
||
### Breaking Changes | ||
|
||
### New Rules (0) | ||
|
||
- | ||
|
||
### Bug Fixes | ||
|
||
### capa explorer IDA Pro plugin | ||
|
||
### Development | ||
|
||
### Raw diffs | ||
- [capa v4.0.0...master](https://github.com/mandiant/capa/compare/v4.0.0...master) | ||
- [capa-rules v4.0.0...master](https://github.com/mandiant/capa-rules/compare/v4.0.0...master) | ||
|
||
## v4.0.0 (2022-07-XX) | ||
Version 4 adds support for analyzing .NET executables. capa will autodetect .NET modules, or you can explicitly invoke the new feature extractor via `--format dotnet`. We've also extended the rule syntax for .NET features including `namespace` and `class`. | ||
|
||
Additionally, new `instruction` scope and `operand` features enable users to create more explicit rules. These features are not backwards compatible. We removed the previously used `/x32` and `/x64` flavors of number and operand features. | ||
|
||
We updated 49 existing rules and added 22 new rules leveraging these new features and characteristics to detect capabilities seen in .NET malware. | ||
|
||
More breaking changes include updates to the JSON results document, freeze file format schema (now format version v2), and the internal handling of addresses. | ||
|
||
Thanks for all the support, especially to @htnhan, @jtothej, @sara-rn, @anushkavirgaonkar, and @_re_fox! | ||
|
||
*Deprecation warning: v4.0 will be the last capa version to support the SMDA backend.* | ||
|
||
### New Features | ||
|
||
- add new scope "instruction" for matching mnemonics and operands #767 @williballenthin | ||
|
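Review bot: the new release header `## v4.0.0 (2022-07-XX)` still carries a placeholder day; it needs the real date before the tag is cut. In the added `## master (unreleased)` block, the `### New Rules (0)` section holds a bare `- ` bullet that renders as an empty list item; drop it (or leave the section empty) until a rule is actually added there. The v4 summary itself reads clearly: `--format dotnet` autodetection, the new `instruction` scope and `operand` features, the removal of the `/x32` and `/x64` flavors, and the SMDA deprecation warning are all stated explicitly.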
@@ -37,7 +68,7 @@ Deprecation notice: as described in [#937](https://github.com/mandiant/capa/issu | |
- anti-analysis/packer/huan/packed-with-huan [email protected] | ||
- internal/limitation/file/internal-dotnet-file-limitation [email protected] | ||
- nursery/get-os-information-via-kuser_shared_data @mr-tz | ||
- load-code/pe/resolve-function-by-parsing-PE-exports sara-rn | ||
- load-code/pe/resolve-function-by-parsing-PE-exports @sara-rn | ||
- anti-analysis/packer/huan/packed-with-huan [email protected] | ||
- nursery/execute-dotnet-assembly [email protected] | ||
- nursery/invoke-dotnet-assembly-method [email protected] | ||
|
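Review bot: `anti-analysis/packer/huan/packed-with-huan [email protected]` appears twice in this New Rules list (the first and fifth lines of the hunk); since the hunk is already correcting the `sara-rn` entry to `@sara-rn`, the duplicate should be removed in the same pass so the list matches the 22 new rules stated in the release summary above.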
@@ -60,7 +91,6 @@ Deprecation notice: as described in [#937](https://github.com/mandiant/capa/issu | |
- nursery/hash-data-using-rshash @_re_fox | ||
- persistence/authentication-process/act-as-credential-manager-dll [email protected] | ||
- persistence/authentication-process/act-as-password-filter-dll [email protected] | ||
- | ||
|
||
### Bug Fixes | ||
- improve handling _ prefix compile/link artifact #924 @mike-hunhoff | ||
|
@@ -75,8 +105,19 @@ Deprecation notice: as described in [#937](https://github.com/mandiant/capa/issu | |
### Development | ||
|
||
### Raw diffs | ||
- [capa v3.2.0...master](https://github.com/mandiant/capa/compare/v3.2.0...master) | ||
- [capa-rules v3.2.0...master](https://github.com/mandiant/capa-rules/compare/v3.2.0...master) | ||
- [capa v3.2.0...v4.0.0](https://github.com/mandiant/capa/compare/v3.2.0...master) | ||
- [capa-rules v3.2.0...v4.0.0](https://github.com/mandiant/capa-rules/compare/v3.2.0...master) | ||
|
||
## v3.2.1 (2022-06-06) | ||
This out-of-band release bumps the SMDA dependency version to enable installation on Python 3.10. | ||
|
||
### Bug Fixes | ||
|
||
- update SMDA dependency @mike-hunhoff #922 | ||
|
||
### Raw diffs | ||
- [capa v3.2.0...v3.2.1](https://github.com/mandiant/capa/compare/v3.2.0...v3.2.1) | ||
- [capa-rules v3.2.0...v3.2.1](https://github.com/mandiant/capa-rules/compare/v3.2.0...v3.2.1) | ||
|
||
## v3.2.0 (2022-03-03) | ||
This release adds a new characteristic `characteristic: call $+5` enabling users to create more explicit rules. The linter now also validates ATT&CK and MBC categories. Additionally, many dependencies, including the vivisect backend, have been updated. | ||
|
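Review bot: the link text is updated from `v3.2.0...master` to `v3.2.0...v4.0.0`, but both URLs still end in `...master` (`https://github.com/mandiant/capa/compare/v3.2.0...master` and the capa-rules counterpart); they should point at `compare/v3.2.0...v4.0.0` so the raw diff for the release stays pinned to the tag instead of tracking master. The added `## v3.2.1 (2022-06-06)` entry with the SMDA dependency bump (#922) looks correct.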
@@ -1,4 +1,4 @@ | ||
__version__ = "3.2.0" | ||
__version__ = "4.0.0" | ||
|
||
|
||
def get_major_version(): | ||
|
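Review bot: the bump of `__version__` from `"3.2.0"` to `"4.0.0"` matches the `## v4.0.0` changelog header. The hunk stops at the `def get_major_version():` signature, so its body is not visible here; confirm it derives the major version from `__version__` rather than carrying a separately hardcoded value that would now be stale.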