From be6f87318eb573054af8e54b1a68335e3d2077e9 Mon Sep 17 00:00:00 2001
From: Capa Bot
Date: Fri, 20 Oct 2023 09:50:07 +0000
Subject: [PATCH 01/34] Sync capa rules submodule

---
 rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules b/rules
index bc63b328..65eae8a7 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit bc63b328dc51ee8222a1852e119cb9588d0ca6dd
+Subproject commit 65eae8a7d67af66a1a9f3a3bdc95cb347cc9b5e1

From fec1e6a947a7800821158bf651b60e45a8c2c362 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Oct 2023 14:46:59 +0000
Subject: [PATCH 02/34] build(deps-dev): bump black from 23.9.1 to 23.10.0

Bumps [black](https://github.com/psf/black) from 23.9.1 to 23.10.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.9.1...23.10.0)

---
updated-dependencies:
- dependency-name: black
 dependency-type: direct:production
 update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 31f5312f..f0fdd0f8 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -78,7 +78,7 @@ dev = [
 "flake8-use-pathlib==0.3.0",
 "flake8-copyright==0.2.4",
 "ruff==0.0.291",
- "black==23.9.1",
+ "black==23.10.0",
 "isort==5.11.4",
 "mypy==1.6.0",
 "psutil==5.9.2",

From 426931c392df5468e36950bbdcc0e90aaf5d36b7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Oct 2023 14:47:03 +0000
Subject: [PATCH 03/34] build(deps-dev): bump types-requests from 2.31.0.2 to 2.31.0.10

Bumps [types-requests](https://github.com/python/typeshed) from 2.31.0.2 to 2.31.0.10.
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: types-requests
 dependency-type: direct:production
 update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 31f5312f..39671829 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -92,7 +92,7 @@ dev = [
 "types-tabulate==0.9.0.3",
 "types-termcolor==1.1.4",
 "types-psutil==5.8.23",
- "types_requests==2.31.0.2",
+ "types_requests==2.31.0.10",
 "types-protobuf==4.23.0.3",
 ]
 build = [

From e7198b2aafe653bbb1652dd3ec1ff85894eff7c1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Oct 2023 14:47:26 +0000
Subject: [PATCH 04/34] build(deps-dev): bump flake8-no-implicit-concat from 0.3.4 to 0.3.5

Bumps [flake8-no-implicit-concat](https://github.com/10sr/flake8-no-implicit-concat) from 0.3.4 to 0.3.5.
- [Release notes](https://github.com/10sr/flake8-no-implicit-concat/releases)
- [Changelog](https://github.com/10sr/flake8-no-implicit-concat/blob/master/CHANGELOG.md)
- [Commits](https://github.com/10sr/flake8-no-implicit-concat/compare/v0.3.4...v0.3.5)

---
updated-dependencies:
- dependency-name: flake8-no-implicit-concat
 dependency-type: direct:production
 update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 31f5312f..39ce0c5c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -71,7 +71,7 @@ dev = [
 "flake8-encodings==0.5.0.post1",
 "flake8-comprehensions==3.14.0",
 "flake8-logging-format==0.9.0",
- "flake8-no-implicit-concat==0.3.4",
+ "flake8-no-implicit-concat==0.3.5",
 "flake8-print==5.0.0",
 "flake8-todos==0.3.0",
 "flake8-simplify==0.21.0",

From 874faf0901b2959ab207fe1128fe2b5ad113f7e1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 24 Oct 2023 19:48:35 +0000
Subject: [PATCH 05/34] build(deps-dev): bump mypy from 1.6.0 to 1.6.1

Bumps [mypy](https://github.com/python/mypy) from 1.6.0 to 1.6.1.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.6.0...v1.6.1)

---
updated-dependencies:
- dependency-name: mypy
 dependency-type: direct:production
 update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index f0fdd0f8..8fa5a2e6 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -80,7 +80,7 @@ dev = [
 "ruff==0.0.291",
 "black==23.10.0",
 "isort==5.11.4",
- "mypy==1.6.0",
+ "mypy==1.6.1",
 "psutil==5.9.2",
 "stix2==3.0.1",
 "requests==2.31.0",

From 66607f14123769226bdc18bcd42e7058cfde9ff1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Oct 2023 14:11:00 +0000
Subject: [PATCH 06/34] build(deps-dev): bump pytest from 7.4.2 to 7.4.3

Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.4.2 to 7.4.3.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.4.2...7.4.3)

---
updated-dependencies:
- dependency-name: pytest
 dependency-type: direct:production
 update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index f0fdd0f8..3814caad 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -62,7 +62,7 @@ packages = ["capa"]
 [project.optional-dependencies]
 dev = [
 "pre-commit==3.5.0",
- "pytest==7.4.2",
+ "pytest==7.4.3",
 "pytest-sugar==0.9.7",
 "pytest-instafail==0.5.0",
 "pytest-cov==4.1.0",

From 8d55c2f249e593e3a975466a8a6e6405ab52616c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Oct 2023 14:11:50 +0000
Subject: [PATCH 07/34] build(deps-dev): bump ruamel-yaml from 0.17.35 to 0.18.3

Bumps [ruamel-yaml]() from 0.17.35 to 0.18.3.

---
updated-dependencies:
- dependency-name: ruamel-yaml
 dependency-type: direct:production
 update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index f0fdd0f8..4661dee3 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -42,7 +42,7 @@ dependencies = [
 "viv-utils[flirt]==0.7.9",
 "halo==0.0.31",
 "networkx==3.1",
- "ruamel.yaml==0.17.35",
+ "ruamel.yaml==0.18.3",
 "vivisect==1.1.1",
 "pefile==2023.2.7",
 "pyelftools==0.30",

From 18ab8d28d989a7eb0e7923586aca6c9fae3299fa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Nov 2023 14:41:55 +0000
Subject: [PATCH 08/34] build(deps-dev): bump ruamel-yaml from 0.18.3 to 0.18.5

Bumps [ruamel-yaml]() from 0.18.3 to 0.18.5.

---
updated-dependencies:
- dependency-name: ruamel-yaml
 dependency-type: direct:production
 update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 3abac004..b306696b 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -42,7 +42,7 @@ dependencies = [
 "viv-utils[flirt]==0.7.9",
 "halo==0.0.31",
 "networkx==3.1",
- "ruamel.yaml==0.18.3",
+ "ruamel.yaml==0.18.5",
 "vivisect==1.1.1",
 "pefile==2023.2.7",
 "pyelftools==0.30",

From 6380d936aeea58692daeb96b21a9a567a13ebe9c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Nov 2023 14:42:06 +0000
Subject: [PATCH 09/34] build(deps-dev): bump wcwidth from 0.2.8 to 0.2.9

Bumps [wcwidth](https://github.com/jquast/wcwidth) from 0.2.8 to 0.2.9.
- [Release notes](https://github.com/jquast/wcwidth/releases)
- [Commits](https://github.com/jquast/wcwidth/compare/0.2.8...0.2.9)

---
updated-dependencies:
- dependency-name: wcwidth
 dependency-type: direct:production
 update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 3abac004..35d947f1 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -37,7 +37,7 @@ dependencies = [
 "tabulate==0.9.0",
 "colorama==0.4.6",
 "termcolor==2.3.0",
- "wcwidth==0.2.8",
+ "wcwidth==0.2.9",
 "ida-settings==2.1.0",
 "viv-utils[flirt]==0.7.9",
 "halo==0.0.31",

From abf83fe8cf21135e869a277dda336970087beec9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Nov 2023 14:42:18 +0000
Subject: [PATCH 10/34] build(deps-dev): bump ruff from 0.0.291 to 0.1.4

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.0.291 to 0.1.4.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.0.291...v0.1.4)

---
updated-dependencies:
- dependency-name: ruff
 dependency-type: direct:production
 update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 3abac004..4d4be2f1 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -77,7 +77,7 @@ dev = [
 "flake8-simplify==0.21.0",
 "flake8-use-pathlib==0.3.0",
 "flake8-copyright==0.2.4",
- "ruff==0.0.291",
+ "ruff==0.1.4",
 "black==23.10.0",
 "isort==5.11.4",
 "mypy==1.6.1",

From 48abd297a80ef1fbcf72c4dcfe330745559ef1da Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Nov 2023 13:16:09 +0000
Subject: [PATCH 11/34] build(deps-dev): bump black from 23.10.0 to 23.10.1

Bumps [black](https://github.com/psf/black) from 23.10.0 to 23.10.1.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.10.0...23.10.1)

---
updated-dependencies:
- dependency-name: black
 dependency-type: direct:production
 update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 4d4be2f1..3860ba28 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -78,7 +78,7 @@ dev = [
 "flake8-use-pathlib==0.3.0",
 "flake8-copyright==0.2.4",
 "ruff==0.1.4",
- "black==23.10.0",
+ "black==23.10.1",
 "isort==5.11.4",
 "mypy==1.6.1",
 "psutil==5.9.2",

From 0ba5c238478e5e4949e2aec59a8aa4ff364abbf7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Nov 2023 14:20:52 +0000
Subject: [PATCH 12/34] build(deps-dev): bump pyinstaller from 6.1.0 to 6.2.0

Bumps [pyinstaller](https://github.com/pyinstaller/pyinstaller) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/pyinstaller/pyinstaller/releases)
- [Changelog](https://github.com/pyinstaller/pyinstaller/blob/develop/doc/CHANGES.rst)
- [Commits](https://github.com/pyinstaller/pyinstaller/compare/v6.1.0...v6.2.0)

---
updated-dependencies:
- dependency-name: pyinstaller
 dependency-type: direct:production
 update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 92170a63..70433b8f 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -96,7 +96,7 @@ dev = [
 "types-protobuf==4.23.0.3",
 ]
 build = [
- "pyinstaller==6.1.0",
+ "pyinstaller==6.2.0",
 "setuptools==68.0.0",
 "build==1.0.3"
 ]

From f0f95824ac2b3f239ff3cd20f3ecde31caa1e6bf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Nov 2023 14:21:13 +0000
Subject: [PATCH 13/34] build(deps-dev): bump ruff from 0.1.4 to 0.1.5

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.1.4 to 0.1.5.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.1.4...v0.1.5)

---
updated-dependencies:
- dependency-name: ruff
 dependency-type: direct:production
 update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 92170a63..cb8f09db 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -77,7 +77,7 @@ dev = [
 "flake8-simplify==0.21.0",
 "flake8-use-pathlib==0.3.0",
 "flake8-copyright==0.2.4",
- "ruff==0.1.4",
+ "ruff==0.1.5",
 "black==23.10.1",
 "isort==5.11.4",
 "mypy==1.6.1",

From 3c9ab635210eed5946c4d85b09a87247724d9c9d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 14 Nov 2023 10:29:05 +0000
Subject: [PATCH 14/34] build(deps-dev): bump black from 23.10.1 to 23.11.0

Bumps [black](https://github.com/psf/black) from 23.10.1 to 23.11.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.10.1...23.11.0)

---
updated-dependencies:
- dependency-name: black
 dependency-type: direct:production
 update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 034b726b..fdc32db2 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -78,7 +78,7 @@ dev = [
 "flake8-use-pathlib==0.3.0",
 "flake8-copyright==0.2.4",
 "ruff==0.1.5",
- "black==23.10.1",
+ "black==23.11.0",
 "isort==5.11.4",
 "mypy==1.6.1",
 "psutil==5.9.2",

From 0d5ff45c763d8f5d5a69f0706e1bb8763f9fdc21 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 14 Nov 2023 10:29:20 +0000
Subject: [PATCH 15/34] build(deps-dev): bump mypy from 1.6.1 to 1.7.0

Bumps [mypy](https://github.com/python/mypy) from 1.6.1 to 1.7.0.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.6.1...v1.7.0)

---
updated-dependencies:
- dependency-name: mypy
 dependency-type: direct:production
 update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 034b726b..bf9f24ae 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -80,7 +80,7 @@ dev = [
 "ruff==0.1.5",
 "black==23.10.1",
 "isort==5.11.4",
- "mypy==1.6.1",
+ "mypy==1.7.0",
 "psutil==5.9.2",
 "stix2==3.0.1",
 "requests==2.31.0",

From 2f60ec03af9e38d1dd0eb66cf3292c242ec22ac5 Mon Sep 17 00:00:00 2001
From: Capa Bot
Date: Wed, 15 Nov 2023 09:25:02 +0000
Subject: [PATCH 16/34] Sync capa rules submodule

---
 rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules b/rules
index 65eae8a7..1b8b2dbc 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit 65eae8a7d67af66a1a9f3a3bdc95cb347cc9b5e1
+Subproject commit 1b8b2dbc859e3c65d86c25293b5278c21513e036

From 490271e50b47929f0b068ff63bc78cd6b321bdeb Mon Sep 17 00:00:00 2001
From: doomedraven
Date: Thu, 16 Nov 2023 10:54:59 +0100
Subject: [PATCH 17/34] fix pydantic vuln (ReDoS)

Regular Expression Denial of Service (ReDoS) MEDIUM SEVERITY Package Manager: pip Vulnerable module: pydantic Remediation Upgrade pydantic to version 1.10.13, 2.4.0 or higher.
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index ea9fb474..d65750e2 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -48,7 +48,7 @@ dependencies = [
 "pyelftools==0.30",
 "dnfile==0.14.1",
 "dncil==1.0.2",
- "pydantic==2.1.1",
+ "pydantic==2.4.0",
 "protobuf==4.23.4",
 ]
 dynamic = ["version"]

From a5e1eca8cc01b0d3798a1949ab53831c2fa08a26 Mon Sep 17 00:00:00 2001
From: doomedraven
Date: Thu, 16 Nov 2023 13:27:25 +0100
Subject: [PATCH 18/34] Create pip-audit.yml

---
 .github/workflows/pip-audit.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .github/workflows/pip-audit.yml

diff --git a/.github/workflows/pip-audit.yml b/.github/workflows/pip-audit.yml
new file mode 100644
index 00000000..f18babf5
--- /dev/null
+++ b/.github/workflows/pip-audit.yml
@@ -0,0 +1,21 @@
+name: PIP audit
+
+on:
+ schedule:
+ - cron: '0 8 * * 1'
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ python-version: ["3.11"]
+
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+
+ - uses: pypa/gh-action-pip-audit@v1.0.8
+ with:
+ inputs: .

From 3fe2328bd26fbfccea1a8d324f54e52c3da6fa72 Mon Sep 17 00:00:00 2001
From: Capa Bot
Date: Fri, 17 Nov 2023 23:27:52 +0000
Subject: [PATCH 19/34] Sync capa rules submodule

---
 rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules b/rules
index 1b8b2dbc..74121881 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit 1b8b2dbc859e3c65d86c25293b5278c21513e036
+Subproject commit 74121881ecae14633af04f5b956df4a55731ad30

From fb1235d26f1694efa65fc0bd08c03b5fdcb9de91 Mon Sep 17 00:00:00 2001
From: Capa Bot
Date: Mon, 20 Nov 2023 10:27:11 +0000
Subject: [PATCH 20/34] Sync capa rules submodule

---
 CHANGELOG.md | 3 ++-
 README.md | 2 +-
 rules | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 987544f3..db5a7618 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@
 ### Breaking Changes
-### New Rules (19)
+### New Rules (20)
 - nursery/get-ntoskrnl-base-address @mr-tz
 - host-interaction/network/connectivity/set-tcp-connection-state @johnk3r
@@ -32,6 +32,7 @@
 - host-interaction/process/inject/allocate-or-change-rwx-memory @mr-tz
 - lib/allocate-or-change-rw-memory 0x534a@mailbox.org @mr-tz
 - lib/change-memory-protection @mr-tz
+- anti-analysis/anti-av/patch-antimalware-scan-interface-function jakub.jozwiak@mandiant.com
 -
 ### Bug Fixes
diff --git a/README.md b/README.md
index eb5944b9..0eddadc2 100644
--- a/README.md
+++ b/README.md
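Review bot: The `python-version` matrix in the new workflow is never consumed — no step uses `actions/setup-python` with `${{ matrix.python-version }}`, so the job runs on whatever interpreter the `ubuntu-latest` image happens to ship and the matrix is dead configuration. The workflow also declares no `permissions:` block, so the job token inherits the repository default where `contents: read` is all that checkout and the audit need, and with only a `schedule` trigger a vulnerable pin landing on a branch is not audited until the following Monday, which is exactly the case the preceding pydantic commit had to fix by hand. I would add a setup-python step that uses the matrix value, a workflow-level `permissions: contents: read`, and a `workflow_dispatch` trigger so the audit can be run on demand; pinning the two actions to full commit SHAs rather than mutable tags is also worth considering for a workflow whose purpose is security gating.
```yaml
on:
  schedule:
    - cron: '0 8 * * 1'
  workflow_dispatch:

permissions:
  contents: read

jobs:
  test:
    # … unchanged: runs-on, timeout-minutes, strategy.matrix …
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}

      # … unchanged: pypa/gh-action-pip-audit step …
```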
@@ -2,7 +2,7 @@
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flare-capa)](https://pypi.org/project/flare-capa)
 [![Last release](https://img.shields.io/github/v/release/mandiant/capa)](https://github.com/mandiant/capa/releases)
-[![Number of rules](https://img.shields.io/badge/rules-847-blue.svg)](https://github.com/mandiant/capa-rules)
+[![Number of rules](https://img.shields.io/badge/rules-848-blue.svg)](https://github.com/mandiant/capa-rules)
 [![CI status](https://github.com/mandiant/capa/workflows/CI/badge.svg)](https://github.com/mandiant/capa/actions?query=workflow%3ACI+event%3Apush+branch%3Amaster)
 [![Downloads](https://img.shields.io/github/downloads/mandiant/capa/total)](https://github.com/mandiant/capa/releases)
 [![License](https://img.shields.io/badge/license-Apache--2.0-green.svg)](LICENSE.txt)
diff --git a/rules b/rules
index 74121881..133b1756 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit 74121881ecae14633af04f5b956df4a55731ad30
+Subproject commit 133b175680764543bf9a0a006940d5e0b86acdfa

From 9d1e60d4a251bd041832ccdd5c8bba00252b8feb Mon Sep 17 00:00:00 2001
From: Capa Bot
Date: Mon, 20 Nov 2023 11:40:22 +0000
Subject: [PATCH 21/34] Sync capa-testfiles submodule

---
 tests/data | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/data b/tests/data
index d5a4ab13..d795054a 160000
--- a/tests/data
+++ b/tests/data
@@ -1 +1 @@
-Subproject commit d5a4ab13cc448945318b08fb4dbb8ad697affe07
+Subproject commit d795054a04d9114d72bf441bc63612300a267fc5

From f6048b9e99c36599fbddb7186d20309ca5877c1c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Nov 2023 14:20:47 +0000
Subject: [PATCH 22/34] build(deps-dev): bump ruff from 0.1.5 to 0.1.6

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.1.5 to 0.1.6.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.1.5...v0.1.6)

---
updated-dependencies:
- dependency-name: ruff
 dependency-type: direct:production
 update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index d65750e2..465c1481 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -77,7 +77,7 @@ dev = [
 "flake8-simplify==0.21.0",
 "flake8-use-pathlib==0.3.0",
 "flake8-copyright==0.2.4",
- "ruff==0.1.5",
+ "ruff==0.1.6",
 "black==23.11.0",
 "isort==5.11.4",
 "mypy==1.7.0",

From cf35d2c4971a143b4b524284324f74029941fb93 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Nov 2023 14:20:59 +0000
Subject: [PATCH 23/34] build(deps-dev): bump wcwidth from 0.2.9 to 0.2.10

Bumps [wcwidth](https://github.com/jquast/wcwidth) from 0.2.9 to 0.2.10.
- [Release notes](https://github.com/jquast/wcwidth/releases)
- [Commits](https://github.com/jquast/wcwidth/compare/0.2.9...0.2.10)

---
updated-dependencies:
- dependency-name: wcwidth
 dependency-type: direct:production
 update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index d65750e2..8e7e3a61 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -37,7 +37,7 @@ dependencies = [
 "tabulate==0.9.0",
 "colorama==0.4.6",
 "termcolor==2.3.0",
- "wcwidth==0.2.9",
+ "wcwidth==0.2.10",
 "ida-settings==2.1.0",
 "viv-utils[flirt]==0.7.9",
 "halo==0.0.31",

From 235a3bede0d3e4adb59b4cd705d1d07f82a9b712 Mon Sep 17 00:00:00 2001
From: Capa Bot
Date: Tue, 21 Nov 2023 10:52:38 +0000
Subject: [PATCH 24/34] Sync capa rules submodule

---
 CHANGELOG.md | 4 +++-
 README.md | 2 +-
 rules | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index db5a7618..508f6779 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@
 ### Breaking Changes
-### New Rules (20)
+### New Rules (22)
 - nursery/get-ntoskrnl-base-address @mr-tz
 - host-interaction/network/connectivity/set-tcp-connection-state @johnk3r
@@ -33,6 +33,8 @@
 - lib/allocate-or-change-rw-memory 0x534a@mailbox.org @mr-tz
 - lib/change-memory-protection @mr-tz
 - anti-analysis/anti-av/patch-antimalware-scan-interface-function jakub.jozwiak@mandiant.com
+- executable/dotnet-singlefile/bundled-with-dotnet-single-file-deployment sara.rincon@mandiant.com
+- internal/limitation/file/internal-dotnet-single-file-deployment-limitation sara.rincon@mandiant.com
 -
 ### Bug Fixes
diff --git a/README.md b/README.md
index 0eddadc2..b4ff406c 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flare-capa)](https://pypi.org/project/flare-capa)
 [![Last release](https://img.shields.io/github/v/release/mandiant/capa)](https://github.com/mandiant/capa/releases)
-[![Number of rules](https://img.shields.io/badge/rules-848-blue.svg)](https://github.com/mandiant/capa-rules)
+[![Number of rules](https://img.shields.io/badge/rules-850-blue.svg)](https://github.com/mandiant/capa-rules)
 [![CI status](https://github.com/mandiant/capa/workflows/CI/badge.svg)](https://github.com/mandiant/capa/actions?query=workflow%3ACI+event%3Apush+branch%3Amaster)
 [![Downloads](https://img.shields.io/github/downloads/mandiant/capa/total)](https://github.com/mandiant/capa/releases)
 [![License](https://img.shields.io/badge/license-Apache--2.0-green.svg)](LICENSE.txt)
diff --git a/rules b/rules
index 133b1756..41a0a9d1 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit 133b175680764543bf9a0a006940d5e0b86acdfa
+Subproject commit 41a0a9d1e78a027a3ac3142d6dabeb8029e92145

From d61d1dc59116ffbb0164b45e305d0650973c57c7 Mon Sep 17 00:00:00 2001
From: Capa Bot
Date: Wed, 22 Nov 2023 13:10:44 +0000
Subject: [PATCH 25/34] Sync capa rules submodule

---
 CHANGELOG.md | 3 ++-
 README.md | 2 +-
 rules | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 508f6779..b1af83e6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@
 ### Breaking Changes
-### New Rules (22)
+### New Rules (23)
 - nursery/get-ntoskrnl-base-address @mr-tz
 - host-interaction/network/connectivity/set-tcp-connection-state @johnk3r
@@ -35,6 +35,7 @@
 - anti-analysis/anti-av/patch-antimalware-scan-interface-function jakub.jozwiak@mandiant.com
 - executable/dotnet-singlefile/bundled-with-dotnet-single-file-deployment sara.rincon@mandiant.com
 - internal/limitation/file/internal-dotnet-single-file-deployment-limitation sara.rincon@mandiant.com
+- data-manipulation/encoding/encode-data-using-add-xor-sub-operations jakub.jozwiak@mandiant.com
 -
 ### Bug Fixes
diff --git a/README.md b/README.md
index b4ff406c..da9193e0 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flare-capa)](https://pypi.org/project/flare-capa)
 [![Last release](https://img.shields.io/github/v/release/mandiant/capa)](https://github.com/mandiant/capa/releases)
-[![Number of rules](https://img.shields.io/badge/rules-850-blue.svg)](https://github.com/mandiant/capa-rules)
+[![Number of rules](https://img.shields.io/badge/rules-851-blue.svg)](https://github.com/mandiant/capa-rules)
 [![CI status](https://github.com/mandiant/capa/workflows/CI/badge.svg)](https://github.com/mandiant/capa/actions?query=workflow%3ACI+event%3Apush+branch%3Amaster)
 [![Downloads](https://img.shields.io/github/downloads/mandiant/capa/total)](https://github.com/mandiant/capa/releases)
 [![License](https://img.shields.io/badge/license-Apache--2.0-green.svg)](LICENSE.txt)
diff --git a/rules b/rules
index 41a0a9d1..533577fd 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit 41a0a9d1e78a027a3ac3142d6dabeb8029e92145
+Subproject commit 533577fda932312df242a3521d81d5a0d93eebca

From 347687579ce4bb38458cb962b49e17d0b701a588 Mon Sep 17 00:00:00 2001
From: Capa Bot
Date: Wed, 22 Nov 2023 18:05:52 +0000
Subject: [PATCH 26/34] Sync capa rules submodule

---
 CHANGELOG.md | 9 ++++++++-
 README.md | 2 +-
 rules | 2 +-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b1af83e6..4a2da553 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@
 ### Breaking Changes
-### New Rules (23)
+### New Rules (30)
 - nursery/get-ntoskrnl-base-address @mr-tz
 - host-interaction/network/connectivity/set-tcp-connection-state @johnk3r
@@ -36,6 +36,13 @@
 - executable/dotnet-singlefile/bundled-with-dotnet-single-file-deployment sara.rincon@mandiant.com
 - internal/limitation/file/internal-dotnet-single-file-deployment-limitation sara.rincon@mandiant.com
 - data-manipulation/encoding/encode-data-using-add-xor-sub-operations jakub.jozwiak@mandiant.com
+- nursery/access-camera-in-dotnet-on-android michael.hunhoff@mandiant.com
+- nursery/capture-microphone-audio-in-dotnet-on-android michael.hunhoff@mandiant.com
+- nursery/capture-screenshot-in-dotnet-on-android michael.hunhoff@mandiant.com
+- nursery/check-for-incoming-call-in-dotnet-on-android michael.hunhoff@mandiant.com
+- nursery/check-for-outgoing-call-in-dotnet-on-android michael.hunhoff@mandiant.com
+- nursery/compiled-with-xamarin michael.hunhoff@mandiant.com
+- nursery/get-os-version-in-dotnet-on-android michael.hunhoff@mandiant.com
 -
 ### Bug Fixes
diff --git a/README.md b/README.md
index da9193e0..989dd28d 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flare-capa)](https://pypi.org/project/flare-capa)
 [![Last release](https://img.shields.io/github/v/release/mandiant/capa)](https://github.com/mandiant/capa/releases)
-[![Number of rules](https://img.shields.io/badge/rules-851-blue.svg)](https://github.com/mandiant/capa-rules)
+[![Number of rules](https://img.shields.io/badge/rules-858-blue.svg)](https://github.com/mandiant/capa-rules)
 [![CI status](https://github.com/mandiant/capa/workflows/CI/badge.svg)](https://github.com/mandiant/capa/actions?query=workflow%3ACI+event%3Apush+branch%3Amaster)
 [![Downloads](https://img.shields.io/github/downloads/mandiant/capa/total)](https://github.com/mandiant/capa/releases)
 [![License](https://img.shields.io/badge/license-Apache--2.0-green.svg)](LICENSE.txt)
diff --git a/rules b/rules
index 533577fd..e0d5e95a 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit 533577fda932312df242a3521d81d5a0d93eebca
+Subproject commit e0d5e95a82375f887e1d4682aefdcf39f963d2c2

From fce105060d0c4214d43e606b564000af49c72984 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Nov 2023 14:55:45 +0000
Subject: [PATCH 27/34] build(deps-dev): bump wcwidth from 0.2.10 to 0.2.12

Bumps [wcwidth](https://github.com/jquast/wcwidth) from 0.2.10 to 0.2.12.
- [Release notes](https://github.com/jquast/wcwidth/releases)
- [Commits](https://github.com/jquast/wcwidth/compare/0.2.10...0.2.12)

---
updated-dependencies:
- dependency-name: wcwidth
 dependency-type: direct:production
 update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index ab29524b..46806966 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -37,7 +37,7 @@ dependencies = [
 "tabulate==0.9.0",
 "colorama==0.4.6",
 "termcolor==2.3.0",
- "wcwidth==0.2.10",
+ "wcwidth==0.2.12",
 "ida-settings==2.1.0",
 "viv-utils[flirt]==0.7.9",
 "halo==0.0.31",

From 6a4994f1ef17ceb32c5bb10c0934ea949ffaff5d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Nov 2023 14:56:01 +0000
Subject: [PATCH 28/34] build(deps-dev): bump setuptools from 68.0.0 to 69.0.2

Bumps [setuptools](https://github.com/pypa/setuptools) from 68.0.0 to 69.0.2.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v68.0.0...v69.0.2)

---
updated-dependencies:
- dependency-name: setuptools
 dependency-type: direct:production
 update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index ab29524b..383402e4 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -97,7 +97,7 @@ dev = [
 ]
 build = [
 "pyinstaller==6.2.0",
- "setuptools==68.0.0",
+ "setuptools==69.0.2",
 "build==1.0.3"
 ]

From 61c8e30f651f92e00336e0fe9af884cbc2045ee8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Nov 2023 14:56:29 +0000
Subject: [PATCH 29/34] build(deps-dev): bump flake8-bugbear from 23.9.16 to 23.11.26

Bumps [flake8-bugbear](https://github.com/PyCQA/flake8-bugbear) from 23.9.16 to 23.11.26.
- [Release notes](https://github.com/PyCQA/flake8-bugbear/releases)
- [Commits](https://github.com/PyCQA/flake8-bugbear/compare/23.9.16...23.11.26)

---
updated-dependencies:
- dependency-name: flake8-bugbear
 dependency-type: direct:production
 update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index ab29524b..34a37a21 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -67,7 +67,7 @@ dev = [
 "pytest-instafail==0.5.0",
 "pytest-cov==4.1.0",
 "flake8==6.1.0",
- "flake8-bugbear==23.9.16",
+ "flake8-bugbear==23.11.26",
 "flake8-encodings==0.5.0.post1",
 "flake8-comprehensions==3.14.0",
 "flake8-logging-format==0.9.0",

From 84ed6c8d24131f320514e210e785b35c38c869ab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Nov 2023 14:56:45 +0000
Subject: [PATCH 30/34] build(deps-dev): bump mypy from 1.7.0 to 1.7.1

Bumps [mypy](https://github.com/python/mypy) from 1.7.0 to 1.7.1.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.7.0...v1.7.1)

---
updated-dependencies:
- dependency-name: mypy
 dependency-type: direct:production
 update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index ab29524b..44cb7f98 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -80,7 +80,7 @@ dev = [
 "ruff==0.1.6",
 "black==23.11.0",
 "isort==5.11.4",
- "mypy==1.7.0",
+ "mypy==1.7.1",
 "psutil==5.9.2",
 "stix2==3.0.1",
 "requests==2.31.0",

From c8d00714438bf38c02d612841297a07d642ea89a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Nov 2023 12:37:42 +0000
Subject: [PATCH 31/34] build(deps-dev): bump flake8-encodings from 0.5.0.post1 to 0.5.1

Bumps [flake8-encodings](https://github.com/python-formate/flake8-encodings) from 0.5.0.post1 to 0.5.1.
- [Release notes](https://github.com/python-formate/flake8-encodings/releases)
- [Commits](https://github.com/python-formate/flake8-encodings/compare/v0.5.0.post1...v0.5.1)

---
updated-dependencies:
- dependency-name: flake8-encodings
 dependency-type: direct:production
 update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 4a21d882..38f2e80c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -68,7 +68,7 @@ dev = [
 "pytest-cov==4.1.0",
 "flake8==6.1.0",
 "flake8-bugbear==23.11.26",
- "flake8-encodings==0.5.0.post1",
+ "flake8-encodings==0.5.1",
 "flake8-comprehensions==3.14.0",
 "flake8-logging-format==0.9.0",
 "flake8-no-implicit-concat==0.3.5",

From 277d7e06872a38120ab66119c87a8b0ef42e5f0d Mon Sep 17 00:00:00 2001
From: Capa Bot
Date: Wed, 29 Nov 2023 13:33:01 +0000
Subject: [PATCH 32/34] Sync capa rules submodule

---
 CHANGELOG.md | 5 ++++-
 README.md | 2 +-
 rules | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4a2da553..9ba46c45 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@
 ### Breaking Changes
-### New Rules (30)
+### New Rules (34)
 - nursery/get-ntoskrnl-base-address @mr-tz
 - host-interaction/network/connectivity/set-tcp-connection-state @johnk3r
@@ -43,6 +43,9 @@
 - nursery/check-for-outgoing-call-in-dotnet-on-android michael.hunhoff@mandiant.com
 - nursery/compiled-with-xamarin michael.hunhoff@mandiant.com
 - nursery/get-os-version-in-dotnet-on-android michael.hunhoff@mandiant.com
+- data-manipulation/compression/create-cabinet-on-windows michael.hunhoff@mandiant.com jakub.jozwiak@mandiant.com
+- data-manipulation/compression/extract-cabinet-on-windows jakub.jozwiak@mandiant.com
+- lib/create-file-decompression-interface-context-on-windows jakub.jozwiak@mandiant.com
 -
 ### Bug Fixes
diff --git a/README.md b/README.md
index 989dd28d..a1d8d243 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flare-capa)](https://pypi.org/project/flare-capa)
 [![Last release](https://img.shields.io/github/v/release/mandiant/capa)](https://github.com/mandiant/capa/releases)
-[![Number of rules](https://img.shields.io/badge/rules-858-blue.svg)](https://github.com/mandiant/capa-rules)
+[![Number of rules](https://img.shields.io/badge/rules-859-blue.svg)](https://github.com/mandiant/capa-rules)
 [![CI status](https://github.com/mandiant/capa/workflows/CI/badge.svg)](https://github.com/mandiant/capa/actions?query=workflow%3ACI+event%3Apush+branch%3Amaster)
 [![Downloads](https://img.shields.io/github/downloads/mandiant/capa/total)](https://github.com/mandiant/capa/releases)
 [![License](https://img.shields.io/badge/license-Apache--2.0-green.svg)](LICENSE.txt)
diff --git a/rules b/rules
index e0d5e95a..a8dafc2a 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit e0d5e95a82375f887e1d4682aefdcf39f963d2c2
+Subproject commit a8dafc2afb130a3c5da2621ae6440fe131836668
From a29c320f958f9bc7da06e5a730da54a2d0b42c26 Mon Sep 17 00:00:00 2001
From: Capa Bot
Date: Wed, 29 Nov 2023 13:45:44 +0000
Subject: [PATCH 33/34] Sync capa-testfiles submodule
---
tests/data | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/data b/tests/data
index d795054a..5c4886b2 160000
--- a/tests/data
+++ b/tests/data
@@ -1 +1 @@
-Subproject commit d795054a04d9114d72bf441bc63612300a267fc5
+Subproject commit 5c4886b2b71a9f71d47f0d3699a8e257ee02292e
From 7db40c3af8ac633093341e86efda34dd20863e9c Mon Sep 17 00:00:00 2001
From: Capa Bot
Date: Wed, 29 Nov 2023 13:53:18 +0000
Subject: [PATCH 34/34] Sync capa rules submodule
---
rules | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules b/rules
index a8dafc2a..9820a215 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit a8dafc2afb130a3c5da2621ae6440fe131836668
+Subproject commit 9820a215d87c026d2c53ed69dcccb02b485b9df1
