From 8ad54271e95caa23405a0957532ddf4d4b44474a Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Mon, 10 Jan 2022 09:33:39 -0700 Subject: [PATCH 1/8] version: v3.1.0 --- capa/version.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capa/version.py b/capa/version.py index 8d1c8625f..9ce9954cf 100644 --- a/capa/version.py +++ b/capa/version.py @@ -1 +1 @@ -__version__ = "3.0.3" +__version__ = "3.10.0" From a97262d022036e9087fe747d5741f54b7df8d30c Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Mon, 10 Jan 2022 09:39:46 -0700 Subject: [PATCH 2/8] changelog: v3.1.0 --- CHANGELOG.md | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d7a07077..386cba201 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,26 @@ ### New Features +### Breaking Changes + +### New Rules (0) + +- + +### Bug Fixes + +### capa explorer IDA Pro plugin + +### Development + +### Raw diffs +- [capa ...master](https://github.com/mandiant/capa/compare/v3.1.0...master) +- [capa-rules ...master](https://github.com/mandiant/capa-rules/compare/v3.1.0...master) + +## v3.1.0 (2022-01-10) + +### New Features + - engine: short circuit logic nodes for better performance #824 @williballenthin - engine: add optimizer the order faster nodes first #829 @williballenthin - engine: optimize rule evaluation by skipping rules that can't match #830 @williballenthin @@ -12,7 +32,7 @@ - rules: support maec/malware-family meta #841 @mr-tz - engine: better type annotations/exhaustiveness checking #839 @cl30 -### Breaking Changes +### Breaking Changes: None ### New Rules (23) 
@@ -61,8 +81,8 @@ - show features script: add backend flag #430 @kn0wl3dge ### Raw diffs -- [capa ...master](https://github.com/mandiant/capa/compare/v3.0.3...master) -- [capa-rules ...master](https://github.com/mandiant/capa-rules/compare/v3.0.3...master) +- [capa ...master](https://github.com/mandiant/capa/compare/v3.0.3...v3.1.0) +- [capa-rules ...master](https://github.com/mandiant/capa-rules/compare/v3.0.3...v3.1.0) ## v3.0.3 (2021-10-27) From 6555a3604f0c71d39a0b42c2359703ce77ccaf74 Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Mon, 10 Jan 2022 09:49:00 -0700 Subject: [PATCH 3/8] changelog: intro section --- CHANGELOG.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 386cba201..559255a09 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,15 @@ - [capa-rules ...master](https://github.com/mandiant/capa-rules/compare/v3.1.0...master) ## v3.1.0 (2022-01-10) +This release improves the performance of capa while also adding 23 new rules and many code quality enhancements. We profiled capa's CPU usage and optimized the way that it matches rules, such as by short circuiting when appropriate. According to our testing, the matching phase is approximately 66% faster than v3.0.3! We also added support for Python 3.10, aarch64 builds, and additional MAEC metadata in the rule headers. + +This release adds 23 new rules, including nine by Jakub Jozwiak of Mandiant. @ryantxu1 and @dzbeck updated the ATT&CK and MBC mappings for many rules. Thank you! + +And as always, welcome first time contributors! + + - @kn0wl3dge + - @jtothej + ### New Features 
@@ -28,7 +37,7 @@ - engine: add optimizer the order faster nodes first #829 @williballenthin - engine: optimize rule evaluation by skipping rules that can't match #830 @williballenthin - support python 3.10 #816 @williballenthin -- support aarch64 #683 +- support aarch64 #683 @williballenthin - rules: support maec/malware-family meta #841 @mr-tz - engine: better type annotations/exhaustiveness checking #839 @cl30 From a4cc409c95453d0a5b0912a5299f6571aed2e22a Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Mon, 10 Jan 2022 12:39:07 -0700 Subject: [PATCH 4/8] Update capa/version.py Co-authored-by: Moritz --- capa/version.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capa/version.py b/capa/version.py index 9ce9954cf..f5f41e567 100644 --- a/capa/version.py +++ b/capa/version.py @@ -1 +1 @@ -__version__ = "3.10.0" +__version__ = "3.1.0" From b444c28a191382a07d8c3f8da12e7b5fa764b89a Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Tue, 11 Jan 2022 10:05:40 -0700 Subject: [PATCH 5/8] changelog: fix format --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 559255a09..1066bd2c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -65,7 +65,6 @@ And as always, welcome first time contributors! - host-interaction/process/inject/inject-shellcode-using-a-file-mapping-object jakub.jozwiak@mandiant.com - load-code/shellcode/execute-shellcode-via-copyfile2 jakub.jozwiak@mandiant.com - malware-family/plugx/match-known-plugx-module still@teamt5.org -- ### Rule Changes From 4f0067e4086d39e0917eebf2f3c3a02b003b8983 Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Tue, 11 Jan 2022 14:27:59 -0700 Subject: [PATCH 6/8] Update CHANGELOG.md Co-authored-by: Moritz --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1066bd2c2..224631894 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -17,8 +17,8 @@ ### Development ### Raw diffs -- [capa ...master](https://github.com/mandiant/capa/compare/v3.1.0...master) -- [capa-rules ...master](https://github.com/mandiant/capa-rules/compare/v3.1.0...master) +- [capa v3.1.0...master](https://github.com/mandiant/capa/compare/v3.1.0...master) +- [capa-rules v3.1.0...master](https://github.com/mandiant/capa-rules/compare/v3.1.0...master) ## v3.1.0 (2022-01-10) This release improves the performance of capa while also adding 23 new rules and many code quality enhancements. We profiled capa's CPU usage and optimized the way that it matches rules, such as by short circuiting when appropriate. According to our testing, the matching phase is approximately 66% faster than v3.0.3! We also added support for Python 3.10, aarch64 builds, and additional MAEC metadata in the rule headers. From 5530bbad53cccb40d4047db13ebfa3a47be7a762 Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Tue, 11 Jan 2022 14:28:17 -0700 Subject: [PATCH 7/8] Update CHANGELOG.md Co-authored-by: Moritz --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 224631894..8ba7f12a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -89,8 +89,8 @@ And as always, welcome first time contributors! - show features script: add backend flag #430 @kn0wl3dge ### Raw diffs -- [capa ...master](https://github.com/mandiant/capa/compare/v3.0.3...v3.1.0) -- [capa-rules ...master](https://github.com/mandiant/capa-rules/compare/v3.0.3...v3.1.0) +- [capa v3.0.3...v3.1.0](https://github.com/mandiant/capa/compare/v3.0.3...v3.1.0) +- [capa-rules v3.0.3...v3.1.0](https://github.com/mandiant/capa-rules/compare/v3.0.3...v3.1.0) ## v3.0.3 (2021-10-27) From de7592b351e5fe4b0c742ead3b32bedb1ce02428 Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Tue, 11 Jan 2022 14:29:15 -0700 Subject: [PATCH 8/8] changelog: add additional contributor --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 8ba7f12a7..02dd45ec4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,7 @@ And as always, welcome first time contributors! - @kn0wl3dge - @jtothej + - @cl30 ### New Features
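Review bot: In PATCH 1/8, the capa/version.py hunk sets `__version__ = "3.10.0"`, which does not match the subject "version: v3.1.0" or the `## v3.1.0 (2022-01-10)` heading that PATCH 2/8 adds to the changelog; the value should be `"3.1.0"`. PATCH 4/8 corrects it, but every commit between 1/8 and 4/8 carries a version string that sorts above the intended release, so a package or tag cut from one of them would report the wrong version. Squash 4/8 into 1/8 before merging so no commit in history has the bad value.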
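Review bot: In PATCH 2/8, first CHANGELOG.md hunk (`@@ -4,6 +4,26 @@`), the new master template puts a bare `-` bullet under `### New Rules (0)`, and a placeholder like that is easy to leave behind once real entries are added; PATCH 5/8 is a separate commit whose only change is deleting a stray `-` from the end of the v3.1.0 rule list. Drop the empty bullet from the template, or make it something that does not render, so the next release does not need the same cleanup.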
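Review bot: In PATCH 2/8, second CHANGELOG.md hunk (`@@ -12,7 +32,7 @@`), the heading is changed to `### Breaking Changes: None`, while the template added in the first hunk of the same patch keeps the plain `### Breaking Changes` form. Keep the heading text identical across releases and put "None" on its own line under it, so the section names stay uniform for readers and for anything that looks sections up by heading.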
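Review bot: In PATCH 2/8, third CHANGELOG.md hunk (`@@ -61,8 +81,8 @@`), the compare URLs are retargeted to `v3.0.3...v3.1.0` but the link text still reads `capa ...master` and `capa-rules ...master`, so the label no longer describes where the link goes. Write both endpoints into the label, as in `[capa v3.0.3...v3.1.0]`. PATCH 6/8 and 7/8 do this later for both Raw diffs sections; folding them into this patch keeps the label and the target changing together.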
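Review bot: In PATCH 3/8, first CHANGELOG.md hunk (`@@ -21,6 +21,15 @@`), the first-time contributor list names only `@kn0wl3dge` and `@jtothej`, although `@cl30` is credited for #839 in the New Features list of the same release and has to be added separately in PATCH 8/8; build the list from the handles credited in the section so nobody is missed. In the same hunk the intro paragraph starts on the line directly after `## v3.1.0 (2022-01-10)` with no blank line between them, and the figure "approximately 66% faster" is given without a pointer to the measurement behind it; a blank line after the heading and a link to the profiling issue or PR would address both.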