Commit
update scopes
mr-tz committed Nov 24, 2023
1 parent 5e2dae1 commit 5430889
Showing 11 changed files with 33 additions and 11 deletions.
Expand Up @@ -4,7 +4,9 @@ rule:
namespace: anti-analysis/anti-av
authors:
- [email protected]
scope: function
scopes:
static: function
dynamic: thread
att&ck:
- Defense Evasion::Impair Defenses::Disable or Modify Tools [T1562.001]
mbc:
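Review bot: `dynamic: thread` is set here without a comment, while the other function-scoped rules in this commit either keep the dynamic scope unchanged or mark it `unsupported` with a note naming the feature type that dynamic analysis lacks (`# requires basic block, characteristic, mnemonic features`). This rule's `features:` block lies outside the hunk, so please confirm it uses only feature types a dynamic trace provides at thread scope, and otherwise switch to `dynamic: unsupported` with the same style of comment so the reason is recorded next to the scope.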
Expand Up @@ -5,7 +5,9 @@ rule:
authors:
- [email protected]
description: Data encoding using a sequence of ADD/XOR/SUB (or SUB/XOR/ADD) operations common for PlugX but also used by other malware families.
scope: function
scopes:
static: function
dynamic: unsupported # requires basic block, characteristic, mnemonic features
att&ck:
- Defense Evasion::Obfuscated Files or Information [T1027]
mbc:
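Review bot: this hunk, like every other one in the commit, replaces the singular `scope: function` key with a `scopes:` mapping, which capa releases that only understand `scope:` cannot load; the commit message "update scopes" does not say so. State the minimum capa version that accepts `scopes:` in the commit message or the repository changelog so users of a pinned rule checkout know why rule loading fails after updating the rules.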
Expand Up @@ -4,7 +4,9 @@ rule:
namespace: executable/dotnet-singlefile
authors:
- [email protected]
scope: file
scopes:
static: file
dynamic: file
references:
- https://learn.microsoft.com/en-us/dotnet/core/deploying/single-file/overview?tabs=cli
- https://github.com/dotnet/runtime/blob/84de9b678613675e0444b265905c82d33dae33a8/src/installer/managed/Microsoft.NET.HostModel/AppHost/HostWriter.cs
Expand Up @@ -11,7 +11,9 @@ rule:
The size of the single file in a self-contained application is large since it includes the runtime and the framework libraries.
The main application and the libraries are contained in the overlay section.
You may need to extract the runtime configuration files such as *.deps.json and *.runtimeconfig.json files to determine the main .NET library and extract it with the tool SingleFileExtractor.
scope: file
scopes:
static: file
dynamic: file
examples:
- 0da87fccbf7687a6c7ab38087dea8b8f32c2b1fb6546101485b7167d18d9c406
features:
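Review bot: `dynamic: file` is kept for this rule although its description (the lines above the scope change) says the indicators live in the overlay section and in the *.deps.json / *.runtimeconfig.json files, i.e. in static file layout. Please confirm that the `features:` block below the hunk matches on something a dynamic report carries at file scope; if not, mark it `dynamic: unsupported` with the feature type named, as done for the ADD/XOR/SUB encoding rule in this commit.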
4 changes: 3 additions & 1 deletion nursery/access-camera-in-dotnet-on-android.yml
Expand Up @@ -4,7 +4,9 @@ rule:
namespace: host-interaction/hardware/camera
authors:
- [email protected]
scope: function
scopes:
static: function
dynamic: unsupported # requires .NET API feature
features:
- or:
- api: Android.Hardware.Camera::Open
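Review bot: the `unsupported` comments in this commit vary in form (`# requires .NET API feature` here, `# requires .NET API features` in the microphone rule, `# requires property`, `# requires class features` elsewhere). Pick one phrasing, e.g. `# requires <feature type> feature(s)`, so the reason a rule is dynamically unsupported is consistent and greppable across the rule set.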
4 changes: 3 additions & 1 deletion nursery/capture-microphone-audio-in-dotnet-on-android.yml
Expand Up @@ -4,7 +4,9 @@ rule:
namespace: collection/microphone
authors:
- [email protected]
scope: function
scopes:
static: function
dynamic: unsupported # requires .NET API features
features:
- and:
- api: Android.Media.AudioRecord::StartRecording
4 changes: 3 additions & 1 deletion nursery/capture-screenshot-in-dotnet-on-android.yml
Expand Up @@ -4,7 +4,9 @@ rule:
namespace: collection/screenshot
authors:
- [email protected]
scope: function
scopes:
static: function
dynamic: unsupported # requires .NET API feature
features:
- or:
- api: Android.Media.Projection.MediaProjectionManager::CreateScreenCaptureIntent
4 changes: 3 additions & 1 deletion nursery/check-for-incoming-call-in-dotnet-on-android.yml
Expand Up @@ -4,7 +4,9 @@ rule:
namespace: host-interaction
authors:
- [email protected]
scope: function
scopes:
static: function
dynamic: unsupported # requires property
features:
- and:
- property/read: Android.Content.Intent::Action
4 changes: 3 additions & 1 deletion nursery/check-for-outgoing-call-in-dotnet-on-android.yml
Expand Up @@ -4,7 +4,9 @@ rule:
namespace: host-interaction
authors:
- [email protected]
scope: function
scopes:
static: function
dynamic: unsupported # requires property
features:
- and:
- property/read: Android.Content.Intent::Action
4 changes: 3 additions & 1 deletion nursery/compiled-with-xamarin.yml
Expand Up @@ -4,7 +4,9 @@ rule:
namespace: compiler/xamarin
authors:
- [email protected]
scope: file
scopes:
static: file
dynamic: file
features:
- or:
- namespace: Xamarin.Essentials
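Review bot: `dynamic: file` is set here, yet the rules in this commit that depend on .NET-specific features (`api`, `property/read`, `class`) are marked `dynamic: unsupported` with a comment to that effect, and the visible feature `namespace: Xamarin.Essentials` is likewise a .NET-only feature. Either add a comment explaining why a file-scoped .NET namespace feature is expected to appear in dynamic output, or mark the rule `dynamic: unsupported # requires namespace feature` for consistency with the other Android/.NET rules in this commit.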
4 changes: 3 additions & 1 deletion nursery/get-os-version-in-dotnet-on-android.yml
Expand Up @@ -4,7 +4,9 @@ rule:
namespace: host-interaction/os/info
authors:
- [email protected]
scope: function
scopes:
static: function
dynamic: unsupported # requires class features
features:
- and:
- class: Android.OS.Build
