v3.2.0
Release date: 2022-03-04 03:03:45
Latest mandiant/capa release: v7.4.0 (2024-10-04 19:53:51)
This release adds a new characteristic, "call $+5", enabling users to create rules that match this instruction, which is commonly seen in obfuscators. The linter now also validates ATT&CK and MBC categories. Additionally, many dependencies, including the vivisect backend, have been updated.
One rule has been added and many more have been improved.
Thanks for all the support, especially to @kn0wl3dge and first time contributor @uckelman-sf!
New Features
- linter: validate ATT&CK/MBC categories and IDs #103 @kn0wl3dge
- extractor: add characteristic "call $+5" feature #366 @kn0wl3dge
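To make the "call $+5" characteristic concrete, the following added example (not capa's code, and not from the release notes) scans raw x86 bytes for the instruction's encoding, `E8 00 00 00 00`, and reports whether a one-byte `pop` follows. The function name, sample bytes and base address are constructed for illustration; capa itself extracts features from disassembled instructions through its backend, whereas a raw byte scan like this can also match data that happens to contain the same bytes.

```python
# Added illustration: locate the byte pattern of "call $+5" in raw x86 code.
# CALL rel32 is opcode E8 followed by a 32-bit displacement; a displacement
# of 0 targets the very next instruction, which assemblers write as "call $+5".
CALL_PLUS_5 = b"\xe8\x00\x00\x00\x00"

# One-byte POP r32 opcodes are 0x58..0x5F, indexed by register number.
POP_REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def find_call_plus_5(code: bytes, base: int = 0):
    """Return [(address, follow_up)] for every call $+5 pattern in `code`.

    `follow_up` is "pop <reg>" when the byte after the call is a one-byte
    POP r32 (the pushed return address is read straight back), else None.
    `base` is the address at which `code` is assumed to be loaded.
    """
    hits = []
    pos = code.find(CALL_PLUS_5)
    while pos != -1:
        nxt = code[pos + 5 : pos + 6]  # empty if the call ends the buffer
        follow = None
        if nxt and 0x58 <= nxt[0] <= 0x5F:
            follow = "pop " + POP_REGS[nxt[0] - 0x58]
        hits.append((base + pos, follow))
        pos = code.find(CALL_PLUS_5, pos + 1)
    return hits


# Constructed sample bytes (not taken from any real binary):
#   push ebp; mov ebp, esp; call $+5; pop eax; add eax, 0x10;
#   call <rel32 = 0x10>; call $+5; ret
SAMPLE = bytes.fromhex(
    "55 8bec e800000000 58 83c010 e810000000 e800000000 c3"
)

if __name__ == "__main__":
    for addr, follow in find_call_plus_5(SAMPLE, base=0x401000):
        print(f"{addr:#x}: call $+5" + (f" ; then {follow}" if follow else ""))
```

The ordinary call with a non-zero displacement in the sample is not reported; only the two zero-displacement calls are.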
New Rules (1)
- anti-analysis/obfuscation/obfuscated-with-advobfuscator jakub.jozwiak@mandiant.com
Bug Fixes
- remove typing package as a requirement for Python 3.7+ compatibility #901 @uckelman-sf
- elf: fix OS detection for Linux kernel modules #867 @williballenthin
Raw diffs
1. capa-v3.2.0-linux.zip (39.03 MB)
2. capa-v3.2.0-macos.zip (29.88 MB)
3. capa-v3.2.0-windows.zip (31.3 MB)