v1.6.1
Summary
Added: 16 rules
Modified: 88 rules
Renamed: 3 rules
Deleted: 0 rules
Detailed release changes: rules v1.6.0...v1.6.1
Added rules (16)
- data-manipulation/encryption/rc4/encrypt-data-using-rc4-with-custom-key-via-winapi.yml
- executable/installer/iexpress/packaged-as-an-iexpress-self-extracting-archive.yml
- host-interaction/registry/create-registry-key-via-offline-registry-library.yml
- host-interaction/registry/open-registry-key-via-offline-registry-library.yml
- host-interaction/registry/query-registry-key-via-offline-registry-library.yml
- host-interaction/registry/set-registry-key-via-offline-registry-library.yml
- load-code/pe/enumerate-pe-sections.yml
- load-code/pe/inject-dll-reflectively.yml
- load-code/pe/inspect-section-memory-permissions.yml
- load-code/pe/parse-pe-exports.yml
- load-code/pe/rebuild-import-table.yml
- nursery/delete-registry-key-via-offline-registry-library.yml
- nursery/encrypt-data-using-curve25519.yml
- nursery/get-user-security-identifier.yml
- nursery/listen-for-remote-procedure-calls.yml
- nursery/query-remote-server-for-available-data.yml
Modified rules (88)
- anti-analysis/anti-debugging/debugger-detection/check-for-outputdebugstring-error.yml
- anti-analysis/anti-emulation/wine/check-if-process-is-running-under-wine.yml
- anti-analysis/anti-forensic/patch-process-command-line.yml
- anti-analysis/anti-vm/vm-detection/check-for-windows-sandbox-via-device.yml
- anti-analysis/anti-vm/vm-detection/check-for-windows-sandbox-via-dns-suffix.yml
- anti-analysis/anti-vm/vm-detection/check-for-windows-sandbox-via-genuine-state.yml
- anti-analysis/anti-vm/vm-detection/check-for-windows-sandbox-via-process-name.yml
- anti-analysis/packer/aspack/packed-with-aspack.yml
- anti-analysis/packer/confuser/packed-with-confuser.yml
- anti-analysis/packer/upack/packed-with-upack.yml
- anti-analysis/packer/vmprotect/packed-with-vmprotect.yml
- c2/shell/execute-shell-command-and-capture-output.yml
- collection/browser/gather-firefox-profile-information.yml
- collection/network/capture-network-configuration-via-ipconfig.yml
- collection/network/get-mac-address.yml
- collection/screenshot/capture-screenshot.yml
- communication/http/client/check-http-status-code.yml
- communication/named-pipe/connect/connect-pipe.yml
- communication/named-pipe/read/read-pipe.yml
- communication/named-pipe/write/write-pipe.yml
- compiler/autoit/compiled-with-autoit.yml
- compiler/delphi/compiled-with-borland-delphi.yml
- compiler/exe4j/compiled-with-exe4j.yml
- compiler/mingw/compiled-with-mingw-for-windows.yml
- compiler/perl2exe/compiled-with-perl2exe.yml
- compiler/ps2exe/compiled-with-ps2exe.yml
- compiler/py2exe/compiled-with-py2exe.yml
- compiler/pyarmor/compiled-with-pyarmor.yml
- data-manipulation/compression/compress-data-via-winapi.yml
- data-manipulation/encoding/base64/encode-data-using-base64.yml
- data-manipulation/encryption/aes/encrypt-data-using-aes-via-net.yml
- data-manipulation/encryption/camellia/encrypt-data-using-camellia.yml
- data-manipulation/hashing/fnv/hash-data-using-fnv.yml
- data-manipulation/hashing/murmur/hash-data-using-murmur3.yml
- host-interaction/file-system/windows-file-protection/bypass-windows-file-protection.yml
- host-interaction/gui/taskbar/find/find-taskbar.yml
- host-interaction/hardware/cdrom/manipulate-cd-rom-drive.yml
- host-interaction/hardware/cpu/get-number-of-processor-cores.yml
- host-interaction/hardware/keyboard/simulate-ctrl-alt-del.yml
- host-interaction/hardware/storage/get-disk-size.yml
- host-interaction/process/create/create-a-process-with-modified-io-handles-and-window.yml
- host-interaction/process/inject/use-process-doppelganging.yml
- host-interaction/uac/bypass/bypass-uac-via-appinfo-alpc.yml
- host-interaction/uac/bypass/bypass-uac-via-token-manipulation.yml
- impact/wipe-disk/wipe-mbr/overwrite-master-boot-record-mbr.yml
- lib/validate-payment-card-number-using-luhn-algorithm-with-no-lookup-table.yml
- linking/static/cryptopp/linked-against-crypto.yml
- linking/static/openssl/linked-against-openssl.yml
- linking/static/polarssl/linked-against-polarsslmbed-tls.yml
- load-code/pe/parse-pe-header.yml
- nursery/acquire-debug-privileges.yml
- nursery/bypass-uac-via-icmluautil.yml
- nursery/bypass-uac-via-scheduled-task-environment-variable.yml
- nursery/capture-screenshot-in-go.yml
- nursery/check-for-windows-sandbox-via-mutex.yml
- nursery/check-license-value.yml
- nursery/debug-build.yml
- nursery/encrypt-data-using-salsa20-or-chacha.yml
- nursery/get-client-handle-via-schannel.yml
- nursery/get-comspec-environment-variable.yml
- nursery/get-proxy.yml
- nursery/linked-against-c-regex-library.yml
- nursery/linked-against-go-process-enumeration-library.yml
- nursery/linked-against-go-registry-library.yml
- nursery/linked-against-go-static-asset-library.yml
- nursery/linked-against-go-wmi-library.yml
- nursery/mine-cryptocurrency.yml
- nursery/packaged-as-a-wise-installer.yml
- nursery/packaged-as-an-installshield-installer.yml
- nursery/read-raw-disk-data.yml
- nursery/reference-114dns-dns-server.yml
- nursery/reference-alidns-dns-server.yml
- nursery/reference-cloudflare-dns-server.yml
- nursery/reference-comodo-secure-dns-server.yml
- nursery/reference-google-public-dns-server.yml
- nursery/reference-hurricane-electric-dns-server.yml
- nursery/reference-kornet-dns-server.yml
- nursery/reference-l3-dns-server.yml
- nursery/reference-opendns-dns-server.yml
- nursery/reference-quad9-dns-server.yml
- nursery/reference-screen-saver-executable.yml
- nursery/reference-verisign-dns-server.yml
- nursery/terminate-process-by-name.yml
- targeting/automated-teller-machine/diebold-nixdorf/load-diebold-nixdorf-atm-library.yml
- targeting/automated-teller-machine/diebold-nixdorf/reference-diebold-atm-routines.yml
- targeting/automated-teller-machine/identify-atm-dispenser-service-provider.yml
- targeting/automated-teller-machine/ncr/load-ncr-atm-library.yml
- targeting/automated-teller-machine/ncr/reference-ncr-atm-library-routines.yml